CVE-2025-48879: CWE-140: Improper Neutralization of Delimiters in OctoPrint OctoPrint
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.
AI Analysis
Technical Summary
CVE-2025-48879 is a medium severity vulnerability affecting OctoPrint versions up to and including 1.11.1. OctoPrint is a widely used open-source web interface for controlling 3D printers. The vulnerability arises from improper handling of multipart/form-data HTTP requests in the octoprint.server.util.tornado.UploadStorageFallbackHandler. Specifically, an unauthenticated attacker can send a malformed multipart/form-data request that lacks a proper end boundary. The request handler enters an endless busy loop waiting for the missing boundary, which never arrives. Since the underlying Tornado web server framework is single-threaded, this busy loop blocks the entire web server process, rendering the OctoPrint web interface unresponsive and effectively causing a denial of service (DoS). No authentication or user interaction is required to exploit this flaw, and it affects any endpoint handled by the vulnerable request handler. The vulnerability is classified under CWE-140 (Improper Neutralization of Delimiters) and CWE-835 (Loop with Unreachable Exit Condition). The issue was patched in OctoPrint version 1.11.2. The CVSS v3.1 base score is 6.5, reflecting a medium severity with no impact on confidentiality or integrity but a high impact on availability. No known exploits are reported in the wild as of now.
Potential Impact
For European organizations using OctoPrint to manage 3D printing operations, this vulnerability poses a significant availability risk. An attacker can remotely cause the OctoPrint server to become unresponsive without authentication, disrupting printing workflows and potentially halting production lines that rely on 3D printing. This could impact rapid prototyping, manufacturing, and research activities. While there is no direct confidentiality or integrity compromise, the denial of service could lead to operational delays and financial losses. Organizations with critical or large-scale 3D printing deployments are particularly at risk. Additionally, since OctoPrint is often deployed in industrial and research environments, prolonged downtime could affect supply chains or delay product development. The lack of authentication requirement lowers the barrier for exploitation, increasing the likelihood of opportunistic attacks, especially in environments where OctoPrint instances are exposed to untrusted networks or the internet.
Mitigation Recommendations
The primary mitigation is to upgrade all OctoPrint instances to version 1.11.2 or later, where the vulnerability is patched. Organizations should audit their deployments to identify any instances running vulnerable versions. If immediate upgrading is not feasible, network-level mitigations such as restricting access to OctoPrint servers via firewalls or VPNs can reduce exposure. Implementing web application firewalls (WAFs) that can detect and block malformed multipart/form-data requests may also help mitigate exploitation attempts. Monitoring OctoPrint server logs for unusual or malformed HTTP requests can provide early warning signs of exploitation attempts. Additionally, isolating OctoPrint servers from public networks and limiting access to trusted users reduces risk. Regularly updating and patching OctoPrint and its dependencies is critical to maintaining security posture.
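As an added defensive illustration of the failure mode in the technical summary and of the malformed-request detection the mitigations mention (this is example code written for this page, not OctoPrint's or Tornado's own handler): a multipart/form-data parser that requires the closing delimiter before scanning any part and advances strictly each iteration, so a body with no end boundary is rejected rather than searched for forever. The function names and the sample request body are constructed for the example.

```python
import re

_BOUNDARY_RE = re.compile(r'boundary="?([^";]+)"?')

def parse_multipart(content_type, body):
    """Return [(headers, payload), ...] or raise ValueError for a malformed body.
    The closing delimiter is required up front and pos strictly increases per
    iteration, so the scan can never wait for a part that will not arrive."""
    m = _BOUNDARY_RE.search(content_type or "")
    if not m:
        raise ValueError("Content-Type has no boundary parameter")
    dash_boundary = b"--" + m.group(1).encode("ascii")
    end = body.find(dash_boundary + b"--")  # the check a busy-looping parser lacks
    if end == -1:
        raise ValueError("truncated multipart body: closing delimiter missing")
    parts, pos = [], body.find(dash_boundary)  # first delimiter, never past end
    while pos < end:
        start = pos + len(dash_boundary)
        if not body.startswith(b"\r\n", start):
            raise ValueError("malformed delimiter line")
        nxt = body.find(b"\r\n" + dash_boundary, start + 2)  # this part ends here
        if nxt == -1:
            raise ValueError("part not terminated by a delimiter")
        head, sep, payload = body[start + 2:nxt].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part lacks header/body separator")
        headers = {k.strip().decode("latin-1").lower(): v.strip().decode("latin-1")
                   for k, _, v in (ln.partition(b":") for ln in head.split(b"\r\n"))}
        parts.append((headers, payload))
        pos = nxt + 2  # always > pos, so the loop is bounded by len(body)
    return parts

def multipart_is_complete(content_type, body):
    try:
        parse_multipart(content_type, body)
        return True
    except ValueError:
        return False

# Constructed sample: a two-part upload as a browser would send it, and the same
# body with its closing delimiter line cut off (the shape the advisory describes).
SAMPLE_CT = "multipart/form-data; boundary=----octoExample"
SAMPLE_BODY = (
    b'------octoExample\r\nContent-Disposition: form-data; name="file"; filename="cube.gcode"\r\n'
    b"Content-Type: text/plain\r\n\r\nG28\r\nG1 X10 Y10\r\n"
    b'------octoExample\r\nContent-Disposition: form-data; name="select"\r\n\r\ntrue\r\n'
    b"------octoExample--\r\n"
)
TRUNCATED_BODY = SAMPLE_BODY[:SAMPLE_BODY.rfind(b"------octoExample--")]
```

A front-end filter or log check built on `multipart_is_complete` can reject or flag the truncated shape before it reaches a handler that would otherwise block the single Tornado thread.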
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden, Belgium, Poland, Spain, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-27T20:14:34.296Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68487f531b0bd07c39389f1d
Added to database: 6/10/2025, 6:54:11 PM
Last enriched: 7/11/2025, 9:47:32 PM
Last updated: 8/11/2025, 12:19:17 AM