CVE-2025-48067

Published Jun 10, 2025

Last updated a month ago

CVSS medium 5.4

Overview

Description
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-73

Social media

Hype score
Not currently trending

  1. CVE-2025-48067 OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attac… https://t.co/aiew4idtcv

    @CVEnew

    10 Jun 2025

    179 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.