exploitDog

CVE-2025-67303

Опубликовано: 05 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

Ссылки

https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md
Exploit
Third Party Advisory
https://github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*

Версия до 3.38 (исключая)

EPSS

Процентиль: 14%

0.00046

Низкий

7.5 High

CVSS3

Дефекты

CWE-420

Связанные уязвимости

GHSA-2hc9-cc65-xwj8

CVSS3: 7.5

github

около 1 месяца назад

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

EPSS

Процентиль: 14%

0.00046

Низкий

7.5 High

CVSS3

Дефекты

CWE-420