Vulnerability Description
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bambuddy | Bambuddy | < 0.1.7 |
Related Weaknesses (CWE)
References
- https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d1Patch
- https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.mdRelease Notes
- https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3aPatch
- https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2aPatch
- https://github.com/maziggy/bambuddy/pull/225Issue TrackingPatch
- https://github.com/maziggy/bambuddy/releases/tag/v0.1.7ProductRelease Notes
- https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmfExploitVendor Advisory
FAQ
What is CVE-2026-25505?
CVE-2026-25505 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI ro...
How severe is CVE-2026-25505?
CVE-2026-25505 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-25505?
Check the references section above for vendor advisories and patch information. Affected products include: Bambuddy Bambuddy.