CVE-2026-25505

CRITICAL · CVSS 3.1: 9.8 · EPSS 49.4%
Published Feb 4, 2026 (5mo ago)
Last Modified Jun 17, 2026 (2w ago)

Description

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code, and many API routes do not check authentication. This issue has been patched in version 0.1.7.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 49.4% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 2

CWE-306 Missing Authentication for Critical Function
CWE-321

Affected Products 1

Vendor | Product | Version | Range
bambuddy | bambuddy | * | <0.1.7

References 7

  • github.com https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28
    Patch
  • github.com https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.md
    Release Notes
  • github.com https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9
    Patch
  • github.com https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2a6fb
    Patch
  • github.com https://github.com/maziggy/bambuddy/pull/225
    Issue Tracking, Patch
  • github.com https://github.com/maziggy/bambuddy/releases/tag/v0.1.7
    Product, Release Notes
  • github.com https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf
    Exploit, Vendor Advisory

Remediation

  • github.com https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28
    Patch
  • github.com https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9
    Patch
  • github.com https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2a6fb
    Patch
  • github.com https://github.com/maziggy/bambuddy/pull/225
    Issue Tracking, Patch