CVE-2026-25505

Summary

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.

Affected Software

VendorProductVersion RangeStatus
maziggybambuddy< 0.1.7affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function
  • CWE-321: CWE-321: Use of Hard-coded Cryptographic Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References