CNNVD-202509-1183 Information
CNNVD ID
CNNVD-202509-1183
Related CVE
- CNNVD Published: 2025-09-09
Description (Chinese)
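OctoPrint is an application from the open-source OctoPrint project. It provides a fast web interface for controlling consumer 3D printers. OctoPrint 1.11.2 and earlier versions contain an operating system command injection vulnerability, which stems from improper handling of file names and may lead to arbitrary command execution.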
Description (English)
OctoPrint is an open-source application from the OctoPrint project that provides a fast web interface for controlling consumer 3D printers. OctoPrint 1.11.2 and earlier versions contain an operating system command injection vulnerability that stems from improper handling of file names and could lead to arbitrary command execution.
Hazard Level
Medium
Vulnerability Type
Operating system command injection
Affected Vendor
OctoPrint
Published
2025-09-09
Last Modified
2026-02-24
References
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc
https://github.com/OctoPrint/OctoPrint/commit/be4201ef58d9a7c03593252398c16eada90a258b
https://github.com/OctoPrint/OctoPrint/commit/c3a940962f4658a8e035a00388781b1cbd768841
https://github.com/OctoPrint/OctoPrint/releases/tag/1.11.3
https://access.redhat.com/security/cve/cve-2025-58180
https://www.exploit-db.com/exploits/52476
Patch
https://octoprint.org/download/