CVE-2025-48067 – OctoPrint File Exfiltration Information Disclosure

June 10, 2025

CVE ID : CVE-2025-48067

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48879 – OctoPrint Denial of Service (DoS) Vulnerability

Next Article CVE-2025-47110 – Adobe Commerce Stored Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-5544 – Aluoxiang OA System Path Traversal Vulnerability

June 3, 2025

CVE ID : CVE-2025-5544

Published : June 3, 2025, 11:15 p.m. | 3 hours, 8 minutes ago

Description : A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-48067 – OctoPrint File Exfiltration Information Disclosure

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Windows Central Podcast: Microsoft’s 50th Birthday Special

Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update

phởdav is a minimal WebDAV server

CVE-2025-3751 – Apache Web Server SQL Injection Vulnerability

CVE-2025-5544 – Aluoxiang OA System Path Traversal Vulnerability

The Front-End Monitoring Handbook: Track Performance, Errors, and User Behavior

AMD’s RTX 5060 Ti competitor is rumored to launch in a couple of months with 8GB and 16GB models

CVE-2022-25868 – Apache HTTP Server Directory Traversal

CVE-2025-48067 – OctoPrint File Exfiltration Information Disclosure

Related Posts