CNNVD-202506-1840 Information
CNNVD ID
CNNVD-202506-1840
Related CVE
- CNNVD Published: 2025-06-15
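Description (translated from Chinese)
ComfyUI is a powerful and modular diffusion model GUI and backend from the individual developer comfyanonymous. ComfyUI 0.3.39 and earlier versions contain a code injection vulnerability, which stems from improper handling of the parameter image in the file /upload/image and leads to cross-site scripting.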
Description (English)
ComfyUI is one of the most powerful and modular diffusion model GUIs and backends, developed by the individual developer comfyanonymous. ComfyUI 0.3.39 and earlier versions have a code injection vulnerability, which results from improper handling of the parameter image in the file /upload/image and leads to a cross-site scripting attack.
Hazard Level
High
Vulnerability Type
Code injection
Affected Vendor
Individual developer
Published
2025-06-15
Last Modified
2026-02-24
References
https://vuldb.com/?ctiid.312559
https://vuldb.com/?id.312559
https://gist.github.com/superboy-zjc/96f0d56da584d840ba18355cbea96ac4
https://vuldb.com/?submit.588224
https://access.redhat.com/security/cve/cve-2025-6092
Patch
https://github.com/comfyanonymous/ComfyUI/releases