CVE-2025-67303: ComfyUI-Manager: Configuration File Exposure via Web-Accessible Path
CVE-2025-67303 is verified against ComfyUI-Manager · pip affected versions: < 3.38 fixed version: 3.38 This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00052.
pruva-verify REPRO-2026-00052 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00052/artifacts/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface
Prior to 3.38, ComfyUI-Manager stored its configuration/critical data in a location served by the ComfyUI web interface, enabling remote unauthenticated access and potential overwrite/manipulation via HTTP.
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.
No artifacts available