CVE-2025-6107
BaseFortify
Publication date: 2025-06-16
Last updated on: 2026-04-29
Assigner: VulDB
Exploitability
| CWE ID | Description |
|---|---|
| CWE-913 | The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. |
| CWE-915 | The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6107 is a class pollution vulnerability in ComfyUI version 0.3.40. It occurs because the function set_attr in the file /comfy/utils.py dynamically sets object attributes based on untrusted input without proper validation. Specifically, when a malicious ControlLoRA model containing specially crafted keys with dotted paths in its state dictionary is loaded via the ControlNet loader, the software unconditionally patches model parameters. This allows an attacker to overwrite critical internal Python class attributes at runtime, such as the __getattribute__ method of torch.nn.Module, causing the application to malfunction or crash. The root cause is improper control of dynamically-determined object attributes, classified under CWE-915. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can lead to a denial-of-service (DoS) attack by corrupting critical internal attributes of Python classes used by ComfyUI, causing all model-related operations to fail or crash. The attack can be launched remotely by loading a malicious ControlLoRA model, but requires user interaction. The impact primarily affects system availability, potentially disrupting services that rely on ComfyUI. The exploitability is considered difficult, and no mitigations or countermeasures are currently provided by the vendor. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-6107 involves monitoring for the loading of malicious ControlLoRA models containing specially crafted keys with dotted paths in their state dictionaries via the ControlNet loader in ComfyUI. Since the vulnerability arises from unvalidated dynamic attribute setting in the set_attr function, one detection approach is to inspect loaded model state dictionaries for suspicious keys that include dotted attribute paths (e.g., keys like 'time_embed.__class__.__base__.__getattribute__'). There are no specific commands provided in the resources, but a practical method would be to log or audit the keys of state dictionaries being loaded by ComfyUI, looking for keys containing dots or unusual attribute paths. Additionally, monitoring for unexpected crashes or denial-of-service symptoms in ComfyUI after loading ControlLoRA models may indicate exploitation attempts. [2, 3]
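As an added example (not taken from the resources cited above), the key audit described here in Python: it assumes ControlLoRA files are safetensors, reads only the JSON header so no tensor is loaded, and flags dunder segments such as `__class__` rather than dots, because ordinary PyTorch state-dict keys are already dotted module paths.

```python
"""Audit state-dict keys of a ControlLoRA/checkpoint file for attribute traversal."""
import json
import re
import struct
from typing import Iterable

# Legitimate PyTorch state-dict keys are dotted module paths whose segments are
# plain identifiers or integer indices (e.g. "time_embed.0.weight"). A segment
# such as "__class__" or "__getattribute__" never occurs in a real parameter
# name, so dunder segments are the signal; the presence of dots alone is not.
_SEGMENT_OK = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$|^[0-9]+$")


def is_suspicious_key(key: str) -> bool:
    """True if any dotted segment is a dunder name or not an identifier/index."""
    for seg in key.split("."):
        if seg.startswith("__") and seg.endswith("__"):
            return True
        if not _SEGMENT_OK.match(seg):
            return True
    return False


def find_suspicious_keys(keys: Iterable[str]) -> list[str]:
    """Return the keys that should be rejected before any attribute patching."""
    return sorted(k for k in keys if is_suspicious_key(k))


def safetensors_keys(blob: bytes) -> list[str]:
    """Read tensor names from safetensors bytes: 8-byte LE header length, then JSON."""
    (hdr_len,) = struct.unpack("<Q", blob[:8])
    header = json.loads(blob[8:8 + hdr_len])
    # "__metadata__" is the format's own optional entry, not a tensor name.
    return [k for k in header if k != "__metadata__"]


def build_safetensors(names: list[str]) -> bytes:
    """Constructed sample file with empty float32 tensors, for offline testing."""
    header = {n: {"dtype": "F32", "shape": [0], "data_offsets": [0, 0]} for n in names}
    header["__metadata__"] = {"format": "pt"}
    raw = json.dumps(header).encode()
    return struct.pack("<Q", len(raw)) + raw


if __name__ == "__main__":
    sample = build_safetensors([
        "time_embed.0.weight",                             # benign
        "input_blocks.1.0.in_layers.2.bias",               # benign
        "time_embed.__class__.__base__.__getattribute__",  # pattern quoted in the advisory
    ])
    for k in find_suspicious_keys(safetensors_keys(sample)):
        print("REJECT", k)
```

Running the audit over a directory of model files before they reach the ControlNet loader gives a log of rejected keys that can be fed to the monitoring suggested above.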
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding loading untrusted or unverified ControlLoRA models through the ControlNet loader in ComfyUI version 0.3.40, as the vulnerability is triggered by maliciously crafted model state dictionaries. Since no vendor patch or official fix is available and the vendor did not respond to the disclosure, it is recommended to consider replacing or upgrading the affected component if possible. Additionally, restricting user interaction that allows loading of external models and implementing strict validation or sanitization of model state dictionary keys before they are processed by the set_attr function can help mitigate the risk. Monitoring for and blocking suspicious model files and limiting network exposure of the ComfyUI service may also reduce attack surface. [3, 1]