CVE-2025-67303: ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
An Unprotected Alternate Channel (CWE-420) vulnerability was discovered in ComfyUI-Manager versions prior to 3.38.
References
- github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md
- github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26
- github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-95pq-hr8p-f5g7
- github.com/advisories/GHSA-95pq-hr8p-f5g7
- nvd.nist.gov/vuln/detail/CVE-2025-67303