What is the CVSS score of CVE-2025-48879?

CVE-2025-48879 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Octoprint are affected by CVE-2025-48879?

Organizations using OctoPrint versions up until and including 1.11.1 contain a vulnerability that should be aware of notable risk from CVE-2025-48879 rated CVSS 6.5.. A patch is available.

How to fix or mitigate CVE-2025-48879?

Within 30 days: Identify affected systems running a vulnerability that allows any unauthenticated attacker to and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Octoprint CVE-2025-48879

EUVD-2025-17675 MEDIUM

Improper Neutralization of Delimiters (CWE-140)

2025-06-10 security-advisories@github.com

GHSA-9wj4-8h85-pgrw

Information Disclosure Debian Octoprint

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17675

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

Patch released

Mar 14, 2026 - 19:49 nvd

Patch available

CVE Published

Jun 10, 2025 - 16:15 nvd

MEDIUM 6.5

DescriptionNVD

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.

AnalysisAI

A security vulnerability in OctoPrint versions up until and including 1.11.1 contain a vulnerability that (CVSS 6.5) that allows any unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Technical ContextAI

Vulnerability type not specified by vendor. Affects OctoPrint versions up until and including 1.11.1 contain a vulnerability that.

RemediationAI

Apply the vendor-supplied patch immediately.

More from same product – last 7 days

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

CVE-2026-45924 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbd_vfs_kern_path_end_removing() on s

CVE-2026-45965 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when export_

Vendor StatusVendor

Debian

Bug #718591

octoprint

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2025-48879 vulnerability details – vuln.today

Back

Octoprint CVE-2025-48879

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Debian

Share

External POC / Exploit Code