CVE-2025-57521
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-21

Last updated on: 2025-10-22

Assigner: MITRE

Description
Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a malicious component in the expected location, which is controllable by the attacker (e.g., under %APPDATA%), resulting in code execution within the context of the user. The main application is digitally signed, which may allow a malicious component to inherit trust and evade detection by security solutions that rely on signed parent processes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-21
Last Modified
2025-10-22
Generated
2026-06-16
AI Q&A
2025-10-21
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57521
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bambu_lab bambu_studio 2.1.1.52
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Bambu Studio 2.1.1.52 and earlier allows an attacker to execute arbitrary code during the application's startup. The application loads a network plugin without checking its digital signature or verifying its authenticity. A local attacker can place a malicious component in a location the application expects (such as under %APPDATA%), causing the application to run the attacker's code with the user's privileges. Because the main application is digitally signed, the malicious component may inherit this trust and avoid detection by security tools that trust signed processes.

Impact Analysis

This vulnerability can lead to arbitrary code execution within the context of the user running the application. An attacker who exploits this can run malicious code on your system with your user privileges, potentially leading to unauthorized actions, data compromise, or further system compromise depending on the user's permissions.

Mitigation Strategies

To mitigate this vulnerability, immediately restrict or monitor the locations where the application loads network plugins, such as the %APPDATA% directory, to prevent placement of malicious components. Additionally, consider running the application with the least privilege necessary to limit the impact of arbitrary code execution. Applying application whitelisting or endpoint protection that does not solely rely on the digital signature of the parent process may also help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57521. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart