CVE-2025-57521

Date: October 20, 2025

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a malicious component in the expected location, which is controllable by the attacker (e.g., under %APPDATA%), resulting in code execution within the context of the user. The main application is digitally signed, which may allow a malicious component to inherit trust and evade detection by security solutions that rely on signed parent processes.

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version https://github.com/bambulab/BambuStudio.git - v02.03.00.70

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): NONE
