Vulnerable Version: versions prior to 3.38
Fixed Version: version 3.38
Base Score: 7.5 High
Vendor Description:-
ComfyUI-Manager is an extension designed to enhance the functionality and usability of the ComfyUI interface for AI image generation workflows. It provides tools for managing custom nodes, models, and updates directly from the web interface, simplifying maintenance and configuration tasks. The manager streamlines installation, version control, and dependency handling, making it easier for users to extend their AI pipelines. By centralizing resource management, it reduces manual configuration errors and improves operational efficiency. Overall, it serves as a convenience-focused management layer that improves workflow organization within the ComfyUI ecosystem.
CVE-2025-13780 Description:-
The identified vulnerability in ComfyUI-Manager is classified under CWE-420: Unprotected Alternate Channel, which occurs when an application secures its primary access path but fails to protect an alternate channel that provides equivalent access to sensitive resources.
ComfyUI-Manager stores critical configuration files and operational data in directories that are unintentionally exposed through its web interface. Although these files may be protected by system-level controls such as filesystem permissions, the application does not enforce proper authorization checks when they are reached via its HTTP endpoints. The result is unauthorized access to sensitive resources through an alternate channel that bypasses the protected primary path.
The vulnerability is remotely exploitable over the network and requires no authentication or user interaction. An attacker with network access to a vulnerable instance can access and modify configuration files by interacting with exposed web paths.
The root cause is insufficient access control and improper isolation between web-accessible components and internal configuration storage. This design weakness allows external access to files that should remain restricted.
Successful exploitation primarily affects system integrity, as attackers can alter application settings and operational data. Such modifications may disrupt normal operations or facilitate further compromise.
Given its unauthenticated, network-based nature and high integrity impact, this vulnerability poses a significant security risk and should be mitigated by enforcing strict authorization controls and isolating sensitive file storage from web-accessible endpoints.
Impact
- Unauthorized Configuration Modification – Attackers can alter critical application settings, affecting system behavior.
- Integrity Compromise – Malicious changes to configuration files may allow persistent manipulation of workflows or nodes.
- Service Disruption – Incorrect or malicious configuration changes could break functionality or cause instability.
- Potential Escalation Risk – Modified settings may enable further attacks or deeper system compromise.
- Remote Exploitability – Since no authentication is required, exposure to untrusted networks significantly increases risk.
Mitigations
- Enforce Authentication & Authorization – Require proper authentication for all web-accessible endpoints.
- Restrict File Access – Ensure configuration directories are not directly accessible via the web interface.
- Implement Access Control Checks – Apply strict role-based access control (RBAC) to sensitive operations.
- Network Segmentation – Avoid exposing ComfyUI-Manager to the public internet; restrict access via firewall or VPN.
- Input Validation & Path Sanitization – Prevent unauthorized file access through secure request handling.
- Regular Security Audits & Updates – Review code for access control issues and apply security patches promptly.
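As an added illustration of the "Restrict File Access", "Enforce Authentication & Authorization" and "Path Sanitization" items above (example code written for this advisory, not ComfyUI-Manager's own code; the directory layout, token store and handler names are constructed assumptions), a static-file handler that reproduces the unprotected alternate channel beside a hardened version that keeps the config directory unreachable through the web mount and applies the same authorization gate to mutating requests:

```python
from __future__ import annotations

import os
from dataclasses import dataclass
from typing import Optional

# Constructed layout for this example (assumption; not ComfyUI-Manager's real paths).
WEB_ROOT = "/srv/app/web"
CONFIG_DIR = "/srv/app/web/custom_nodes/manager/config"  # sensitive data inside the static mount
VALID_TOKENS = {"constructed-admin-token"}                 # stand-in for the real auth layer


@dataclass
class Request:
    method: str
    path: str
    token: Optional[str] = None


def resolve_under_root(rel_path: str) -> Optional[str]:
    """Lexically map a URL path onto WEB_ROOT; None if it escapes the root."""
    full = os.path.normpath(os.path.join(WEB_ROOT, rel_path.lstrip("/")))
    return full if os.path.commonpath([WEB_ROOT, full]) == WEB_ROOT else None


def serve_vulnerable(req: Request) -> tuple[int, Optional[str]]:
    """The alternate channel the advisory describes: any path under the mount is
    honoured, config files included, and no method is subject to authorization."""
    full = resolve_under_root(req.path)
    if full is None:
        return 404, None
    return 200, full  # a GET reads the file, a PUT overwrites it: both unauthenticated


def serve_hardened(req: Request) -> tuple[int, Optional[str]]:
    """Same handler with the two controls the mitigations call for."""
    full = resolve_under_root(req.path)
    if full is None:
        return 404, None
    # 1. The config directory is never reachable through the web mount, for any method.
    if os.path.commonpath([CONFIG_DIR, full]) == CONFIG_DIR:
        return 404, None
    # 2. Mutating methods pass through the same authorization gate as the primary API.
    if req.method not in ("GET", "HEAD") and req.token not in VALID_TOKENS:
        return 403, None
    return 200, full
```

Both handlers return a status code and the resolved path so the decision can be inspected without touching the filesystem; wiring them into a real server is left to the deployment's framework.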
