CVE-2025-62782
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix616 | inventorygui | to 1.6.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-837 | The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in InventoryGui library versions 1.6.3-SNAPSHOT and earlier, where GUIs using GuiStorageElement can allow item duplication if the experimental Bundle item feature is enabled on the server. This means that players can duplicate items in the game, which is unintended behavior. The issue is fixed in version 1.6.4-SNAPSHOT.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing item duplication in Bukkit/Spigot plugins that use InventoryGui with GuiStorageElement and the experimental Bundle item feature enabled. This can lead to unfair gameplay, economic imbalance, or exploitation in the game environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update InventoryGui to version 1.6.4-SNAPSHOT or later, where the issue is resolved. Additionally, consider disabling the experimental Bundle item feature on your server until the update is applied.