CVE-2025-62783

EPSS 0.05%
Veröffentlicht 27.10.2025 20:54:36
Zuletzt bearbeitet 03.11.2025 20:40:10
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement  can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phoenix616 ≫ Inventorygui Version < 1.6.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWE-837 Improper Enforcement of a Single, Unique Action

The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.

https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66

Patch

Third Party Advisory

https://github.com/Phoenix616/InventoryGui/issues/48

Issue Tracking

https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-62783

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62783

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62783

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-62783