What is CVE-2025-6107 — dynamic attribute setting in ComfyUI?

CVE-2025-6107 is a vulnerability in ComfyUI versions 0.3.40–0.3.40 that allows attackers to manipulate object attributes, potentially leading to code execution or denial of service.

Am I affected by CVE-2025-6107 in ComfyUI?

You are affected if you are running ComfyUI version 0.3.40. Upgrade to version 0.3.41 to mitigate the risk.

How do I fix CVE-2025-6107 in ComfyUI?

Upgrade ComfyUI to version 0.3.41 or later. If immediate upgrade is not possible, implement input validation on attribute settings.

Is CVE-2025-6107 being actively exploited?

The exploit has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems for suspicious activity.

Where can I find the official ComfyUI advisory for CVE-2025-6107?

Refer to the comfyanonymous GitHub repository for updates and advisories related to CVE-2025-6107.

CVE-2025-6107 — Vulnerability Details

NEXTGUARD

Escanear gratis

CVE-2025-6107 — Vulnerability Details | NextGuard

Pasos de Deteccióntraduciendo…

• python / ComfyUI:

import os
import subprocess

# Check ComfyUI version
process = subprocess.Popen(['comfyui', '--version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = process.communicate()
version = stdout.decode('utf-8').strip()

if version == '0.3.40':
    print('Vulnerable ComfyUI version detected!')
else:
    print('ComfyUI version is not vulnerable.')

• python / ComfyUI: Monitor file system for modifications to /comfy/utils.py

import os
import time

file_path = '/comfy/utils.py'

while True:
    try:
        last_modified = os.path.getmtime(file_path)
        time.sleep(60)  # Check every minute
        current_modified = os.path.getmtime(file_path)
        if current_modified != last_modified:
            print(f'File {file_path} has been modified!')
            break
    except FileNotFoundError:
        print(f'File {file_path} not found.')
        break

comfyanonymous comfyui utils.py atributos de objeto determinados dinámicamente en set_attr

Impacto y Escenarios de Ataquetraduciendo…

Contexto de Explotacióntraduciendo…

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workaroundstraduciendo…

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2025-6107 — dynamic attribute setting in ComfyUI?

Am I affected by CVE-2025-6107 in ComfyUI?

How do I fix CVE-2025-6107 in ComfyUI?

Is CVE-2025-6107 being actively exploited?

Where can I find the official ComfyUI advisory for CVE-2025-6107?

¿Tu proyecto está afectado?

Detecta esta CVE en tu proyecto