CVE-2025-62169
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wildrikku | octoprint-spoolmanager | 1.7.8 |
| wildrikku | octoprint-spoolmanager | 1.7.7 |
| wildrikku | octoprint-spoolmanager | 1.8.0a3 |
| wildrikku | octoprint-spoolmanager | 1.8.0a2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in OctoPrint-SpoolManager plugin versions 1.8.0a2 and older (testing branch) and 1.7.7 and older (stable branch) is due to improper enforcement of authentication and authorization checks in the plugin's APIs. This allows unauthenticated attackers to access and modify the SpoolManager database, including resetting settings, deleting all data, and altering external database connections. The issue is classified as CWE-287 (Improper Authentication). The impact is reduced on OctoPrint version 1.11.2 and newer, which restricts unauthenticated database modifications. [2, 3, 4]
How can this vulnerability impact me?
This vulnerability can allow unauthorized users to access and modify sensitive spool management data, including deleting all data via a reset operation and changing database connections. On OctoPrint versions prior to 1.11.2, attackers can also download or delete the plugin's database and add or remove spools. This can lead to loss of data integrity, confidentiality breaches, and denial of service by wiping data. Additionally, a related JavaScript execution vulnerability in the QR code feature could enable phishing attacks by executing malicious scripts in users' browsers. [2, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the installed OctoPrint-SpoolManager plugin version is 1.7.7 or older (stable branch) or 1.8.0a2 or older (testing branch), as these versions do not enforce authentication on the API. You can verify the plugin version via OctoPrint's plugin manager or by inspecting the installed package version. Additionally, monitoring network traffic for unauthenticated requests to the SpoolManager API endpoints could indicate exploitation attempts. Specific commands are not provided in the resources, but checking the plugin version and reviewing API access logs are the recommended steps. [2, 3, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the OctoPrint-SpoolManager plugin to version 1.7.8 (stable branch) or 1.8.0a3 (testing branch), where the vulnerability is patched by enforcing authentication on the API. Additionally, ensure that your OctoPrint installation is version 1.11.2 or newer, as this reduces the impact of the vulnerability by preventing unauthorized database modification or download. It is also advised to create backups before upgrading. Restricting API access to authenticated users and monitoring for suspicious activity are important interim measures until the upgrade is applied. [2, 4]