CVE-2025-48067 – OctoPrint File Exfiltration Information Disclosure

June 10, 2025

CVE ID : CVE-2025-48067

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48879 – OctoPrint Denial of Service (DoS) Vulnerability

Next Article CVE-2025-47110 – Adobe Commerce Stored Cross-Site Scripting (XSS) Vulnerability

Highlights

CVE-2025-5022 – Mitsubishi Electric Corporation EcoGuideTAB PV-DR004J/PV-DR004JA Wi-Fi Password Derivation Vulnerability

July 10, 2025

CVE ID : CVE-2025-5022

Published : July 10, 2025, 9:15 a.m. | 4 hours, 51 minutes ago

Description : Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to derive the password from the SSID. However, the product is not affected by this vulnerability when it remains unused for a certain period of time (default: 5 minutes) and enters the power-saving mode with the display unit’s LCD screen turned off. The affected products discontinued in 2015, support ended in 2020.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

CVE-2025-48067 – OctoPrint File Exfiltration Information Disclosure

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Phish Allergy – Recognizing Phishing Messages

CVE-2025-47163 – Microsoft Office SharePoint Remote Code Execution Vulnerability

CVE-2025-47889 – Jenkins WSO2 Oauth Plugin Authentication Bypass Vulnerability

Xbox’s Call of Duty devs say “we’re committed” to Nintendo Switch 2 releases, but what about Black Ops 7?

CVE-2025-5022 – Mitsubishi Electric Corporation EcoGuideTAB PV-DR004J/PV-DR004JA Wi-Fi Password Derivation Vulnerability

Citations with Amazon Nova understanding models

Qt Creator 17 Ushers in a Fresh Look and Stronger CMake Integration

Vivaldi 7.5 launches with colored tab stacks and sharper privacy tools

CVE-2025-48067 – OctoPrint File Exfiltration Information Disclosure

Related Posts