PT-2025-25518 · Comfyui · Comfyui
Gavin Zhong +2 · Published 2025-06-16 · Updated 2025-06-16 · CVE-2025-6107
CVSS v3.1: 3.1 (Low)
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
comfyanonymous comfyui version 0.3.40
Description
A vulnerability was found in the function set_attr of the file /comfy/utils.py, which can lead to dynamically-determined object attributes. The attack can be launched remotely, but it has a high complexity and is considered difficult to exploit. The exploit has been disclosed to the public.
Recommendations
For version 0.3.40, consider disabling the set_attr function in the /comfy/utils.py file as a temporary workaround until a patch is available. Restrict access to the /comfy/utils.py file to minimize the risk of exploitation. Avoid using the set_attr function remotely until the issue is resolved.
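The advisory does not reproduce the affected code. As an added illustration (not ComfyUI's code and not a patch from the project), the sketch below shows the weakness class named in the description, dynamically-determined object attributes, as a generic dotted-path setter next to a guarded form. All names (`unguarded_set_attr`, `guarded_set_attr`, `UnsafeAttributePath`, the sample classes) are hypothetical.

```python
"""Added illustration of a guarded dotted-path setter; all names are hypothetical."""


class UnsafeAttributePath(ValueError):
    """Raised when a dotted attribute path fails validation."""


def unguarded_set_attr(obj, path, value):
    # Generic weak pattern for this weakness class: every segment is
    # resolved verbatim, so whoever supplies `path` chooses which
    # attribute of which object gets replaced.
    *parents, leaf = path.split(".")
    for name in parents:
        obj = getattr(obj, name)
    setattr(obj, leaf, value)


def guarded_set_attr(obj, path, value, allowed_prefixes):
    # 1. The whole path must sit under an allowlisted prefix.
    if not any(path == p or path.startswith(p + ".") for p in allowed_prefixes):
        raise UnsafeAttributePath(f"path not allowlisted: {path!r}")
    # 2. No empty, non-identifier or underscore-prefixed segments.
    segments = path.split(".")
    if any(not s.isidentifier() or s.startswith("_") for s in segments):
        raise UnsafeAttributePath(f"illegal segment in: {path!r}")
    for name in segments[:-1]:
        obj = getattr(obj, name)
    # 3. The leaf must already exist: the call may update, never create.
    if not hasattr(obj, segments[-1]):
        raise UnsafeAttributePath(f"no such attribute: {path!r}")
    previous = getattr(obj, segments[-1])
    setattr(obj, segments[-1], value)
    return previous


# Constructed sample objects, used only to exercise the guard.
class Layer:
    def __init__(self):
        self.weight = 1.0


class Model:
    def __init__(self):
        self.layer = Layer()
        self.config = {"name": "sample"}


def make_sample_model():
    return Model()
```
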
Affected Products
Comfyui