CVE-2025-48067

MEDIUM

5.4CVSS v3

—CVSS v2

0.10% EPSS (exploit probability)

CWE-73CWE

Description

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

CVSS v3 vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE