Cyber Resilience

CVE-2025-48067

Medium

Published: 10 June 2025

Modified: 12 August 2025
KEV Added
Patch
CVSS Score (v3.1): 5.4 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L)
EPSS Score: 0.0010 (27.5th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-48067 is a medium-severity External Control of File Name or Path (CWE-73) vulnerability in OctoPrint. Its CVSS base score is 5.4 (Medium).

Operationally, it is ranked at the 27.5th percentile by exploit likelihood, which is below the median, and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

octoprint
octoprint
≤ 1.11.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-73

Rejects externally supplied file or resource identifiers that fail validity checks.

References