CVE-2025-64187

4.4 MEDIUM

📋 TL;DR

OctoPrint versions 1.11.3 and below contain a cross-site scripting (XSS) vulnerability in Action Command notifications and prompts. An attacker can craft a malicious 3D printing file that, when printed, injects HTML/JavaScript to disrupt prints, steal configuration data, or perform actions as the user. Users running vulnerable OctoPrint instances are affected.

💻 Affected Systems

Products:
  • OctoPrint
Versions: 1.11.3 and below
Operating Systems: All platforms running OctoPrint
Default Config Vulnerable: ⚠️ Yes
Notes: All OctoPrint installations with Action Command functionality enabled (default) are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full control of the OctoPrint instance, extracts sensitive configuration data, disrupts critical prints, and performs arbitrary actions as the authenticated user.

🟠 Likely Case

Print disruption and limited information disclosure from configuration files accessible under the user's permissions.

🟢 If Mitigated

Minimal impact if OctoPrint is isolated on an internal network and users only print trusted files.

🌐 Internet-Facing: MEDIUM - Requires user interaction (printing malicious file) but could lead to significant impact if exploited.
🏢 Internal Only: LOW - Requires physical/network access to submit malicious print files, reducing attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires convincing a user to print a malicious file and depends on user permissions within OctoPrint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11.4

Vendor Advisory: https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-crvm-xjhm-9h29

Restart Required: Yes

Instructions:

1. Back up your OctoPrint configuration.
2. Update OctoPrint using the built-in updater or a manual installation.
3. Restart the OctoPrint service.

🔧 Temporary Workarounds

Disable Action Commands (applies to: all)

Temporarily disable Action Command functionality to prevent exploitation.

Edit OctoPrint's config.yaml and set 'enableActionCommands: false' under the 'serial' section.

Restrict File Uploads (applies to: all)

Only allow printing from trusted sources and disable untrusted file uploads.

🧯 If You Can't Patch

  • Isolate OctoPrint instance on internal network only
  • Implement strict access controls and monitor for unusual print files

🔍 How to Verify

Check if Vulnerable:

Check OctoPrint version in web interface or via command line.

Check Version:

python -c "import octoprint; print(octoprint.__version__)"

Verify Fix Applied:

Confirm version is 1.11.4 or higher and test Action Command functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Action Command patterns in OctoPrint logs
  • Multiple failed print attempts from suspicious files

Network Indicators:

  • Unexpected external connections from OctoPrint instance

SIEM Query:

source="octoprint.log" AND "Action Command" AND ("script" OR "alert" OR unusual_pattern)
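As a concrete version of the "monitor for unusual print files" advice above, here is an added pre-print scanner (not OctoPrint's own code and not from the advisory). It assumes action commands appear as "// action:<command> [text]" lines and that the notification and prompt commands are the ones whose text the web UI renders; it flags any such line whose text contains markup or script-like tokens.

```python
import re
import sys

# Assumption (not stated in the advisory): OctoPrint action commands are lines
# of the form "// action:<command> [text]"; notification and prompt commands
# carry free text that the web UI renders, which is where this XSS lives.
ACTION_RE = re.compile(r"^\s*//\s*action:(\w+)\s*(.*?)\s*$")

# Action commands whose text argument is shown to the user (assumed names).
RENDERED_COMMANDS = {"notification", "prompt_begin", "prompt_button", "prompt_choice"}

# Heuristic: markup, entities or event-handler syntax have no place in a
# plain status message, so their presence is enough to hold the file.
SUSPICIOUS_RE = re.compile(r"[<>]|&#|&\w+;|javascript:|\bon\w+\s*=", re.IGNORECASE)


def scan_gcode(lines):
    """Return a list of findings for action commands carrying suspicious text."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        match = ACTION_RE.match(line)
        if not match:
            continue
        command, text = match.group(1).lower(), match.group(2)
        if command in RENDERED_COMMANDS and SUSPICIOUS_RE.search(text):
            findings.append({"line": lineno, "command": command, "text": text})
    return findings


# Constructed sample: a benign progress notification plus one prompt whose
# text smuggles markup. Only the latter should be flagged.
SAMPLE_GCODE = """\
; constructed sample print file
G28
// action:notification Layer 1 of 200 done
// action:prompt_begin <b>Filament change</b> required
// action:prompt_button Resume
// action:prompt_show
G1 X10 Y10 F3000
"""


def scan_file(path):
    """Scan a G-code file on disk line by line."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_gcode(fh)


if __name__ == "__main__":
    targets = sys.argv[1:]
    results = scan_gcode(SAMPLE_GCODE.splitlines()) if not targets else [
        f for p in targets for f in scan_file(p)]
    for f in results:
        print(f"line {f['line']}: {f['command']} -> {f['text']!r}")
    sys.exit(1 if results else 0)
```

Run it over uploads before they are queued; a non-zero exit means the file contains a rendered action command that should be reviewed rather than printed.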
