CVE-2025-32788

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-32788
OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x
Configurations

No configuration.

History

23 Apr 2025, 14:08

Type Values Removed Values Added
Summary
  • (es) OctoPrint proporciona una interfaz web para controlar impresoras 3D de consumo. En versiones hasta la 1.10.3 (incluida), OctoPrint presenta una vulnerabilidad que permite a un atacante eludir la redirección de inicio de sesión y acceder directamente al HTML renderizado de ciertas páginas frontend. El principal riesgo reside en posibles modificaciones futuras del código base que podrían basarse incorrectamente en las funciones internas vulnerables para las comprobaciones de autenticación, lo que generaría vulnerabilidades de seguridad. Este problema se ha corregido en la versión 1.11.0.

22 Apr 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-22 18:15

Updated : 2025-04-23 14:08

NVD link : CVE-2025-32788

Mitre link : CVE-2025-32788

CVE.ORG link : CVE-2025-32788

JSON object : View

Products Affected

No product.

CWE
CWE-290

Authentication Bypass by Spoofing