5.4

CVE-2025-48067

EPSS 0.04%
Veröffentlicht 10.06.2025 15:19:44
Zuletzt bearbeitet 12.08.2025 13:44:39
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octoprint ≫ Octoprint Version < 1.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.111

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	2.1	2.5	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
security-advisories@github.com	5.4	2.3	2.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2

Vendor Advisory

https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-48067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48067

EUVD