CVE-2025-64187

Name of the Vulnerable Software and Affected Versions OctoPrint versions 1.11.3 and below

Description OctoPrint, a web interface for controlling 3D printers, is affected by an issue that allows the injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups. An attacker could exploit this by convincing a victim to print a specially crafted file, potentially disrupting prints or extracting information, including sensitive configuration settings if the user has the necessary permissions. The issue affects the web interface and could allow an attacker to perform actions on behalf of the targeted user within the OctoPrint instance.

Recommendations Update to version 1.11.4 or later.