CVE-2025-6107 | comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr dynamically-determined object attributes

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes.

This vulnerability is traded as CVE-2025-6107. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-6107 | comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr dynamically-determined object attributes

Post correlati

CVE-2024-3897 | Popup Box Plugin up to 4.3.6 on WordPress authorization

CVE-2024-4803 | Kashipara College Management System 1.0 submit_admin.php phone sql injection

CVE-2024-41674 | ckan up to 2.10.4 package_search information exposure (GHSA-2rqw-cfhc-35fh)

CVE-2024-20117 | MediaTek MT8789 Vdec out-of-bounds (MSV-1681 / ALPS09008925)