7.5

CVE-2025-67303

Exploit

EPSS 0.02%
Veröffentlicht 05.01.2026 00:00:00
Zuletzt bearbeitet 30.01.2026 01:31:37
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Comfy ≫ Comfyui-manager Version < 3.38

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.056

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-420 Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md

Third Party Advisory

Exploit

https://github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-67303

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67303

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67303

EUVD