CVE-2025-45468
📋 TL;DR
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allow attackers to escalate privileges and potentially compromise cloud accounts. This affects users running the vulnerable version of this software, particularly in cloud environments where the software has access to customer cloud resources.
💻 Affected Systems
- fc-stable-diffusion-plus
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the cloud account where the software runs, allowing attackers to access sensitive data, deploy malicious resources, or incur financial costs.
Likely Case
Unauthorized access to cloud resources and data, potentially leading to data exfiltration or service disruption.
If Mitigated
Limited impact if proper access controls and network segmentation are in place, though the vulnerability still presents a risk.
🎯 Exploit Status
The GitHub gist provides technical details that could facilitate exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
Check for an updated version from the vendor. If unavailable, apply workarounds or consider alternative software.
🔧 Temporary Workarounds
Restrict File Permissions
(Linux) Manually adjust file and directory permissions to prevent unauthorized access.
chmod 750 /path/to/fc-stable-diffusion-plus
chown root:root /path/to/fc-stable-diffusion-plus
Implement Least Privilege
(All platforms) Run the software with minimal necessary permissions and restrict cloud account access.
🧯 If You Can't Patch
- Isolate the software in a restricted network segment with no internet access.
- Monitor cloud account activity logs for unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check the software version; if it is v1.0.18, it is vulnerable.
Check Version:
Check the software documentation or configuration files for version information.
Verify Fix Applied:
Verify that file permissions are secure (e.g., 750 for directories, 640 for files) and the software is not running with excessive privileges.
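The following script is an added example (not part of this advisory or of the fc-stable-diffusion-plus project) that covers both the "Restrict File Permissions" workaround above and this verification step: it reports every path in an install tree looser than the recommended 750 (directories) / 640 (files) and can tighten the tree without stripping owner or group execute bits. The install path is an assumption; point it at the real directory.

```shell
#!/bin/sh
# Added example; assumes the install directory is passed as $1.
# Target modes from the advisory: directories 750 (rwxr-x---), files 640 (rw-r-----).

# Directories looser than 750: any "other" bit set (004/002/001) or group write (020).
loose_dirs() {
    find "$1" -type d \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \)
}

# Regular files looser than 640 on the same test. Group execute is tolerated on
# purpose so scripts that must stay executable (750) are not reported.
loose_files() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \)
}

# Number of offending paths under $1; 0 means the tree matches the advice.
count_loose() {
    { loose_dirs "$1"; loose_files "$1"; } | wc -l | tr -d ' '
}

# Human-readable report; exit status 1 if anything still needs tightening.
audit_perms() {
    root="$1"
    loose_dirs "$root"  | sed 's/^/loose directory (expect 750): /'
    loose_files "$root" | sed 's/^/loose file      (expect 640): /'
    [ "$(count_loose "$root")" -eq 0 ]
}

# Remove all "other" access and group write from the whole tree. Unlike a blanket
# chmod 640, this keeps execute bits on anything that already had them.
# Ownership is left to chown: give the tree to the account that runs the service.
tighten_perms() {
    find "$1" -exec chmod o-rwx,g-w {} +
}
```

Run `audit_perms /path/to/fc-stable-diffusion-plus` before and after `tighten_perms` to confirm the workaround took effect.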
📡 Detection & Monitoring
Log Indicators:
- Unusual file permission changes
- Unauthorized access attempts to cloud resources from the software's host
Network Indicators:
- Unexpected outbound connections from the software to cloud APIs
SIEM Query:
source="cloud_logs" AND (eventType="PermissionChange" OR eventType="UnauthorizedAccess") AND resource="fc-stable-diffusion-plus"