CVE-2025-62783
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix616 | inventorygui | to 1.6.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-837 | The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in InventoryGui library versions 1.6.1-SNAPSHOT and earlier, where any plugin using the GuiStorageElement can allow item duplication if the experimental Bundle item feature is enabled on the server. This means that items can be duplicated unintentionally or maliciously, which is a flaw in the system's handling of item storage and bundles.
How can this vulnerability impact me? :
The vulnerability can lead to item duplication on servers using the affected InventoryGui versions with the experimental Bundle item feature enabled. This can impact game balance, economy, and fairness by allowing players or plugins to create duplicate items, potentially leading to exploitation or abuse.
What immediate steps should I take to mitigate this vulnerability?
Upgrade InventoryGui to version 1.6.2-SNAPSHOT or later, as this version resolves the item duplication vulnerability related to the GuiStorageElement when the experimental Bundle item feature is enabled.