CVE-2025-62784

EPSS 0.05%
Veröffentlicht 27.10.2025 20:59:22
Zuletzt bearbeitet 04.11.2025 14:59:16
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.5.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phoenix616 ≫ Inventorygui Version < 1.6.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.161

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-837 Improper Enforcement of a Single, Unique Action

The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.

https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-7whh-79j3-7c55

Patch

Third Party Advisory

https://github.com/Phoenix616/InventoryGui/commit/690fc91d137c6cc04f6ed3a89449050964dd8cb9

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-62784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62784

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-62784