Octoprint
Monthly
OctoPrint versions up to 1.11.5 contain a timing attack vulnerability in API key validation that enables remote extraction of valid API keys through network-based response time analysis. An unauthenticated attacker with network access can exploit the character-by-character comparison method to gradually recover API keys by measuring authentication response delays. The attack's practicality depends heavily on network conditions, but a patch is available in version 1.11.6.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated high severity (CVSS 7.5), this vulnerability is low attack complexity. Public exploit code available.
A security vulnerability in OctoPrint versions up until and including 1.11.1 contain a vulnerability that (CVSS 6.5) that allows any unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2025-48067 is a security vulnerability (CVSS 5.4) that allows an attacker with the file_upload permission. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.
OctoPrint versions up to 1.11.5 contain a timing attack vulnerability in API key validation that enables remote extraction of valid API keys through network-based response time analysis. An unauthenticated attacker with network access can exploit the character-by-character comparison method to gradually recover API keys by measuring authentication response delays. The attack's practicality depends heavily on network conditions, but a patch is available in version 1.11.6.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated high severity (CVSS 7.5), this vulnerability is low attack complexity. Public exploit code available.
A security vulnerability in OctoPrint versions up until and including 1.11.1 contain a vulnerability that (CVSS 6.5) that allows any unauthenticated attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2025-48067 is a security vulnerability (CVSS 5.4) that allows an attacker with the file_upload permission. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
OctoPrint provides a web interface for controlling consumer 3D printers. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.