CNNVD-202511-725 Information

CNNVD ID

CNNVD-202511-725

CVE-2025-64187

  • CNNVD Published: 2025-11-07

Description

OctoPrint is an open-source application from OctoPrint that provides a fast web interface for controlling consumer 3D printers. OctoPrint 1.11.3 and earlier versions contain a security vulnerability that stems from allowing arbitrary HTML and JavaScript to be injected into Action Command notification and prompt popups, which may lead to print interruption, information disclosure, or other actions being performed in the OctoPrint instance.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

OctoPrint

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/OctoPrint/OctoPrint/commit/9112e07b1085f4c1ee9eefc67985809251057a44
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29
https://access.redhat.com/security/cve/cve-2025-64187

Patch

https://github.com/OctoPrint/OctoPrint/releases
