AI description
CVE-2025-67303 describes a vulnerability found in ComfyUI-Manager, affecting versions prior to 3.38. This issue allows remote attackers to potentially manipulate the application's configuration and critical data. The root cause of this vulnerability is that ComfyUI-Manager stores its files in a location that is insufficiently protected and accessible via the web interface. The vulnerability was published on January 5, 2026.
- Description: An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: comfyui-manager
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-420
- Hype score: Not currently trending
#ComfyUI #CVE-2025-67303 Analysis of ComfyUI-Manager RCE https://t.co/36OlvtSyLN
@HelixGuard_AI
9 Jan 2026
🚨 CVE-2025-67303 (CVSS 7.5): ComfyUIManager web interface Unauthorized Access An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an http
@zoomeye_team
7 Jan 2026
Saw @Y4tacker reproduce CVE-2025-67303 with his Agent, so I also tried using https://t.co/mSKkQPGIP1 to do a simple reproduction. Everything from environment setup to vulnerability analysis and PoC writing was done by evil-opencode and GLM4.7, with one manual takeover in the middle. Removed the LLM guarded (o
@bestswngs
7 Jan 2026
ComfyUI-Manager < v3.38 pwned 💥 https://t.co/mykfPKpc6t author: Ricter Zheng from Tencent Xuanwu Lab #CVE-2025-67303 https://t.co/qIGVgmSOM9
@D0n9D0n9
7 Jan 2026
#CVE-2025-67303 ComfyUI-Manager Remote Code Execution. Suddenly remembered I still have a Twitter account. Analyzed it last night with my Agent in 10 minutes; the subsequent RCE is just a revival of the CVE-2024-21574 exploit https://t.co/Nrz2dxDyjm
@Y4tacker
7 Jan 2026
#CVE-2025-67303 ComfyUI-Manager Remote Code Execution https://t.co/jhOW5ih0NN
@pyn3rd
6 Jan 2026
CVE-2025-67303 ComfyUI-Manager Configuration Manipulation via Unprotected Web Interface Vulnerability https://t.co/5k8qBiMlmg
@VulmonFeeds
5 Jan 2026
CVE-2025-67303 An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the applicat… https://t.co/5THaeWN5jG
@CVEnew
5 Jan 2026
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BEDC7B-32BB-4C47-81B5-4EC4357B3E36",
            "versionEndExcluding": "3.38"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]