Vulnerability in Phoenix616 Inventorygui

CVE-2025-62782

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.3-SNAPSHOT and earlier contain a vulnerability where GUIs using GuiStorageElement can allow item duplication when the experimental Bundle item featur…

EPSS: 0.000 (4.1th percentile) — read the EPSS interpretation.

Affected products

Phoenix616 Inventorygui — versions < 1.6.4-SNAPSHOT

Weakness classification (CWE)

CWE-837

References

https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-rgvh-4m82-fvjq (x_refsource_CONFIRM)
https://github.com/Phoenix616/InventoryGui/issues/51 (x_refsource_MISC)
https://github.com/Phoenix616/InventoryGui/commit/00e684bd689ebc60bcb5b83ce4ef3c5a01778494 (x_refsource_MISC)