CVE-2025-62784
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenix616 | inventorygui | to 1.6.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-837 | The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in InventoryGui versions before 1.6.5, a library used for creating chest GUIs in Bukkit/Spigot plugins. It allows item duplication when a plugin uses a GUI with the GuiStorageElement that permits taking items out, combined with the experimental Bundle item feature enabled on the server. The issue is fixed in version 1.6.5.
How can this vulnerability impact me? :
The vulnerability can lead to item duplication in the game environment, which may disrupt game balance, economy, or fairness in multiplayer servers using affected plugins. This could undermine server integrity and user experience.
What immediate steps should I take to mitigate this vulnerability?
Upgrade InventoryGui to version 1.6.5 or later, as this version resolves the item duplication vulnerability. Additionally, consider disabling the experimental Bundle item feature on the server until the upgrade is applied.