Home > Vulnerability Database > CVE-2025-48067

Mend.io Vulnerability Database

CVE-2025-48067

Good to know:

Date: June 10, 2025

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Severity Score

5.4

Related Resources (5)

Url: https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8

Url: https://github.com/OctoPrint/OctoPrint

Url: https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48067

Url: https://www.mend.io/vulnerability-database/CVE-2025-48067

Severity Score

5.4

Weakness Type (CWE)

External Control of File Name or Path

CWE-73

Top Fix

Upgrade Version

Upgrade to version octoprint - 1.11.2;OctoPrint - 1.11.2;https://github.com/OctoPrint/OctoPrint.git - 1.11.2

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48067

Good to know:

Date: June 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?