Skip to main content

EUVD-2025-18364

| CVE-2025-6107 LOW
Improper Control of Dynamically-Managed Code Resources (CWE-913)
2025-06-16 cna@vuldb.com
Information Disclosure
1.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 29, 2026 - 01:11 NVD
3.1 (LOW) 1.3 (LOW)
EUVD ID Assigned
Mar 14, 2026 - 21:59 euvd
EUVD-2025-18364
Analysis Generated
Mar 14, 2026 - 21:59 vuln.today
PoC Detected
Jun 16, 2025 - 12:32 vuln.today
Public exploit code
CVE Published
Jun 16, 2025 - 05:15 nvd
LOW 3.1

DescriptionCVE.org

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

A security vulnerability in A vulnerability (CVSS 3.1). Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. Affects A vulnerability.

RemediationAI

Monitor vendor channels for patch availability.

Share

EUVD-2025-18364 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy