High severityOSV Advisory· Published Jan 5, 2026· Updated Jan 5, 2026
CVE-2025-67303
CVE-2025-67303
Description
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
comfyui-managerPyPI | < 3.38 | 3.38 |
Affected products
2- Range: 2.48.1, 3.10, 3.11, …
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-95pq-hr8p-f5g7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-67303ghsaADVISORY
- github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.mdghsaWEB
- github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26ghsaWEB
- github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-95pq-hr8p-f5g7ghsaWEB
News mentions
0No linked articles in our index yet.