CVE-2025-48067

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-48067
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48067.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-48067
Aliases
Published
2025-06-10T15:19:44.186Z
Modified
2026-04-10T05:28:06.539051Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L CVSS Calculator
Summary
OctoPrint vulnerable to possible file extraction via upload endpoints
Details

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-73"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48067.json"
}
References

Affected packages

Git / github.com/foosel/octoprint

Affected ranges

Type
GIT
Repo
https://github.com/foosel/octoprint
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
96e48c5662274a1941486d3e0853141661fc0455
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.2"
        }
    ]
}

Affected versions

1.*
1.1.0-dev
1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.11.1
1.2.0
1.2.0-dev
1.2.0-rc1
1.2.0-rc2
1.2.0-rc3
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.16rc1
1.2.16rc2
1.2.17rc1
1.2.17rc2
1.2.17rc3
1.2.18
1.2.18rc1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.5.0
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.1
1.5.2
1.5.3
1.6.1
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.9.0
1.9.2
1.9.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48067.json"

Git / github.com/octoprint/octoprint

Affected ranges

Type
GIT
Repo
https://github.com/octoprint/octoprint
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
96e48c5662274a1941486d3e0853141661fc0455

Affected versions

1.*
1.1.0-dev
1.10.0
1.10.1
1.10.2
1.10.3
1.11.0
1.11.1
1.2.0
1.2.0-dev
1.2.0-rc1
1.2.0-rc2
1.2.0-rc3
1.2.1
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.16rc1
1.2.16rc2
1.2.17rc1
1.2.17rc2
1.2.17rc3
1.2.18
1.2.18rc1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.4.0rc1
1.4.0rc2
1.4.0rc3
1.4.0rc4
1.4.0rc5
1.4.0rc6
1.5.0
1.5.0rc1
1.5.0rc2
1.5.0rc3
1.5.1
1.5.2
1.5.3
1.6.1
1.7.1
1.7.2
1.7.3
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.9.0
1.9.2
1.9.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48067.json"