CVE-2025-48879 is a medium severity vulnerability affecting OctoPrint versions up to and including 1.11.1. OctoPrint is a widely used open-source web interface for controlling 3D printers. The vulnerability arises from improper handling of multipart/form-data HTTP requests in the octoprint.server.util.tornado.UploadStorageFallbackHandler. Specifically, an unauthenticated attacker can send a malformed multipart/form-data request that lacks a proper end boundary. The request handler enters an endless busy loop waiting for the missing boundary, which never arrives. Since the underlying Tornado web server framework is single-threaded, this busy loop blocks the entire web server process, rendering the OctoPrint web interface unresponsive and effectively causing a denial of service (DoS). No authentication or user interaction is required to exploit this flaw, and it affects any endpoint handled by the vulnerable request handler. The vulnerability is classified under CWE-140 (Improper Neutralization of Delimiters) and CWE-835 (Loop with Unreachable Exit Condition). The issue was patched in OctoPrint version 1.11.2. The CVSS v3.1 base score is 6.5, reflecting a medium severity with no impact on confidentiality or integrity but a high impact on availability. No known exploits are reported in the wild as of now.

For European organizations using OctoPrint to manage 3D printing operations, this vulnerability poses a significant availability risk. An attacker can remotely cause the OctoPrint server to become unresponsive without authentication, disrupting printing workflows and potentially halting production lines that rely on 3D printing. This could impact rapid prototyping, manufacturing, and research activities. While there is no direct confidentiality or integrity compromise, the denial of service could lead to operational delays and financial losses. Organizations with critical or large-scale 3D printing deployments are particularly at risk. Additionally, since OctoPrint is often deployed in industrial and research environments, prolonged downtime could affect supply chains or delay product development. The lack of authentication requirement lowers the barrier for exploitation, increasing the likelihood of opportunistic attacks, especially in environments where OctoPrint instances are exposed to untrusted networks or the internet.

The primary mitigation is to upgrade all OctoPrint instances to version 1.11.2 or later, where the vulnerability is patched. Organizations should audit their deployments to identify any instances running vulnerable versions. If immediate upgrading is not feasible, network-level mitigations such as restricting access to OctoPrint servers via firewalls or VPNs can reduce exposure. Implementing web application firewalls (WAFs) that can detect and block malformed multipart/form-data requests may also help mitigate exploitation attempts. Monitoring OctoPrint server logs for unusual or malformed HTTP requests can provide early warning signs of exploitation attempts. Additionally, isolating OctoPrint servers from public networks and limiting access to trusted users reduces risk. Regularly updating and patching OctoPrint and its dependencies is critical to maintaining security posture.