KEVIntel
CVSS 7.5 High

CVE-2025-67303

PUBLISHED

Exploited in the wild · Remote · Low complexity · No user interaction

Vendor: Comfy-Org
Product: ComfyUI-Manager
Published: Jan 05, 2026
EPSS: 0.9% · 76% pctl

Description

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface.

nuclei_scanner

Weaknesses (CWE)

  • The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitation status

Exploited in the wild

Recorded 2026-06-04 00:00:00 UTC

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) First 2026-06-04 00:00 UTC

Scanner integrations

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel