Home

Description

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

PUBLISHED Reserved 2025-12-08 | Published 2026-01-05 | Updated 2026-01-05 | Assigner mitre

References

github.com/...n/docs/en/v3.38-userdata-security-migration.md

github.com/...mmits/e44c5cef58fb4973670b86433b9d24d077b44a26

cve.org (CVE-2025-67303)

nvd.nist.gov (CVE-2025-67303)

Download JSON