cvedb.io
CVE-2026-25505
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-02-04T20:16:07.707 · Last modified 2026-06-17T10:24:45.317

Summary

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.

Affected products

bambuddy — bambuddy

Does this affect you?

Add your gear to cvedb and we'll alert you only when bambuddy ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.