CVE-2026-25505

{"id": "CVE-2026-25505", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-02-04T20:16:07.707", "references": [{"url": "https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.md", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2a6fb", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/maziggy/bambuddy/pull/225", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://github.com/maziggy/bambuddy/releases/tag/v0.1.7", "tags": ["Product", "Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-321"}]}], "descriptions": [{"lang": "en", "value": "Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7."}, {"lang": "es", "value": "Bambuddy es un sistema autoalojado de archivo y gesti\u00f3n de impresiones para impresoras 3D Bambu Lab. Antes de la versi\u00f3n 0.1.7, una clave secreta codificada utilizada para firmar JWTs est\u00e1 incluida en el c\u00f3digo fuente y las rutas de ManyAPI no verifican la autenticaci\u00f3n. Este problema ha sido parcheado en la versi\u00f3n 0.1.7."}], "lastModified": "2026-02-27T20:25:05.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bambuddy:bambuddy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58605F66-D3E4-45BE-A4BC-2E435EBD824B", "versionEndExcluding": "0.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}