CVE-2025-62169

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-62169
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-62169.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-62169
Aliases
  • GHSA-2rrc-f24f-94f6
Published
2025-10-23T16:09:19Z
Modified
2025-10-23T19:57:49.083757Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OctoPrint-SpoolManager Plugin APIs do not enforce authentication
Details

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This issue has been patched in versions 1.8.0a3 of the testing branch and 1.7.8 of the stable branch. The impact of this vulnerability is greatly reduced when using OctoPrint version 1.11.2 and newer.

Database specific 
{
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/wildrikku/octoprint-spoolmanager

Affected ranges

Type
GIT
Repo
https://github.com/wildrikku/octoprint-spoolmanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
267c0a331223aa10199dfc8199daec351aa3d65c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.0a3"
        }
    ]
}
Type
GIT
Repo
https://github.com/wildrikku/octoprint-spoolmanager
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
26af7f38a9ce41227af5aa29320fd2ec94333e34
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.8"
        }
    ]
}

Affected versions

1.*

1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.8.0-alpha
1.8.0a1
1.8.0a2
1.8.0alpha