PT-2025-43530 · Octoprint+1
Published 2025-10-23 · Updated 2025-10-28 · CVE-2025-62169
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OctoPrint-SpoolManager versions 1.7.7 and older
OctoPrint-SpoolManager versions 1.8.0a2 and older
Description
The APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This allows unauthorized access to spool management functionalities. The impact is reduced when using OctoPrint version 1.11.2 and newer. The plugin is used for managing spools and their usage metadata.
Recommendations
Update to OctoPrint-SpoolManager version 1.7.8 or later.
Update to OctoPrint-SpoolManager version 1.8.0a3 or later.
Use OctoPrint version 1.11.2 or newer to reduce the impact.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Octoprint
Octoprint-Spoolmanager