What is CVE-2025-48879?

CVE-2025-48879 is a medium-severity vulnerability in Octoprint, classified under CWE-140. CVSS score: 6.5/10. Published 2025-06-10.

How severe is CVE-2025-48879?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Octoprint

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become u…

EPSS: 0.000 (14.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Octoprint — versions < 1.11.2

Weakness classification (CWE)

References

https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw (x_refsource_CONFIRM)
https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-48879?: CVE-2025-48879 is a medium-severity vulnerability in Octoprint, classified under CWE-140. CVSS score: 6.5/10. Published 2025-06-10.
How severe is CVE-2025-48879?: Medium severity. CVSS v3 base score is 6.5 out of 10.