Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-48067

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Published

2025-06-10T16:15:41.357

Last Modified

2025-08-12T13:44:39.947

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-73

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	octoprint	octoprint	< 1.11.2	Yes

References

https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8 Patch ([email protected])
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2 Vendor Advisory ([email protected])