CVE-2025-62169 HIGH

CVE-2025-62169: OctoPrint-SpoolManager Plugin APIs do not enforce authentication

Vendor: Wildrikku
Product: OctoPrint-SpoolManager
Weakness: CWE-287 · Improper authentication
Published: October 23, 2025
Last update: October 23, 2025

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the plugin's APIs do not correctly enforce authentication or authorization checks. The issue is patched in version 1.8.0a3 of the testing branch and version 1.7.8 of the stable branch. The impact of this vulnerability is greatly reduced when using OctoPrint version 1.11.2 and newer.

Key dates

02 Disclosure timeline

October 23, 2025: CVE published
October 23, 2025: Record updated