CVE-2025-6107 | comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr dynamically-determined object attributes

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes.

This vulnerability is traded as CVE-2025-6107. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-6107 | comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr dynamically-determined object attributes

Post correlati

CVE-2023-40250 | Hancom HCell 12.0.0.893 on Windows buffer overflow

CVE-2025-32403 | RT-Labs P-Net up to 1.0.1 RPC Packet out-of-bounds write

CVE-2024-42636 | DedeCMS 5.7.115 file_manage_view.php command injection

CVE-2024-6555 | WP Popups Plugin up to 2.2.0.1 on WordPress information disclosure