CVE-2025-62783

Source
https://cve.org/CVERecord?id=CVE-2025-62783
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62783.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62783
Aliases
Published
2025-10-27T20:54:36.254Z
Modified
2026-04-12T18:47:03.570724Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Summary
InventoryGui affected by item duplication in GUIs which use GuiStorageElement
Details

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement` can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.

Database specific
{
    "cwe_ids": [
        "CWE-837"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62783.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/phoenix616/inventorygui

Affected ranges

Type
GIT
Repo
https://github.com/phoenix616/inventorygui
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62783.json"
vanir_signatures
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1614.0,
            "function_hash": "146346071083695590803261329308158386811"
        },
        "source": "https://github.com/phoenix616/inventorygui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029",
        "id": "CVE-2025-62783-3f261db1",
        "signature_type": "Function",
        "target": {
            "function": "handleInteract",
            "file": "src/main/java/de/themoep/inventorygui/InventoryGui.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://github.com/phoenix616/inventorygui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029",
        "id": "CVE-2025-62783-7bca700a",
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/de/themoep/inventorygui/InventoryGui.java"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1471.0,
            "function_hash": "216429781508387826202706346537626650838"
        },
        "source": "https://github.com/phoenix616/inventorygui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029",
        "id": "CVE-2025-62783-eebf5522",
        "signature_type": "Function",
        "target": {
            "function": "simulateCollectToCursor",
            "file": "src/main/java/de/themoep/inventorygui/InventoryGui.java"
        }
    }
]
vanir_signatures_modified
"2026-04-12T18:47:03Z"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.6.2"
            }
        ]
    }
]