CVE-2025-67303 is a high-severity security vulnerability in comfyui-manager (pip), affecting versions < 3.38. It is fixed in 3.38.
## Impact

An Unprotected Alternate Channel (CWE-420) vulnerability was discovered in ComfyUI-Manager versions prior to 3.38.

## Vulnerability Details

In affected versions, ComfyUI-Manager stored its configuration in the `user/default/ComfyUI-Manager/` directory, which was accessible via ComfyUI's web APIs without proper access control. This unprotected alternate channel allowed remote attackers to read and manipulate configuration files and critical data through the web interface.

## Potential Attack Scenarios

An attacker exploiting this vulnerability could:

- Modify security settings: lower the security level from "strong" to "weak" to enable more dangerous operations
- Tamper with custom node sources: add malicious custom node repositories
- Manipulate snapshot data: corrupt or alter system snapshots
- Change manager behavior: alter various manager configuration settings

## Affected Configurations

| Configuration | Risk Level |
|---------------|------------|
| Systems running with `--listen 0.0.0.0` (externally exposed) | HIGH |
| Systems behind a reverse proxy without proper access control | MEDIUM |
| Local-only installations (default, localhost only) | NOT AFFECTED |

## Patches

This issue has been patched in ComfyUI-Manager version 3.38.

### Requirements

| Component | Minimum Version | Notes |
|-----------|-----------------|-------|
| ComfyUI | v0.3.76+ | Required for System User Protection API |
| ComfyUI-Manager | v3.38+ | Contains the security fix |

### What the Patch Does

- Path Migration: configuration files moved from the unprotected `user/default/ComfyUI-Manager/` to the protected `user/manager/`
- Protected Directory: the new `manager/` directory leverages ComfyUI's System User Protection API, which blocks external web API access
- Security Level Enforcement: settings below "normal" are automatically raised to "normal" during migration
- Legacy Backup: old data is backed up to `.legacy-manager-backup/`, with startup reminders until it is manually deleted
- Fallback Protection: if ComfyUI < v0.3.76, Manager forces "strong" security mode, blocking new installations until ComfyUI is updated

### Patch Details

- Commit: aaed1dc
- Pull Requests: ComfyUI-Manager/#2338, ComfyUI/#10966
- Changes: +780 lines, −61 lines across 13 files

## Workarounds

If an immediate upgrade is not possible, apply the following mitigations:

| Mitigation | Effectiveness | Effort |
|------------|---------------|--------|
| Remove the `--listen 0.0.0.0` flag (use localhost only) | HIGH | Low |
| Implement firewall rules to block external access to ComfyUI ports | HIGH | Medium |
| Use a reverse proxy with authentication (e.g., nginx + basic auth) | HIGH | Medium |
| Restrict network access to trusted IPs only | MEDIUM | Low |

Note: these are temporary mitigations. Upgrading to v3.38+ is strongly recommended.

## Resources

- NVD - CVE-2025-67303
- ComfyUI-Manager v3.38 Security Migration Guide
- Patch Pull Request ComfyUI-Manager/#2338
- Patch Pull Request ComfyUI/#10966

## Credit

This vulnerability was reported by Ricter Zheng (ricterzheng / 郑杜涛) from Tencent Xuanwu Lab <[email protected]>
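The advisory's facts (the fixed version, the ComfyUI version that provides the System User Protection API, the old and new configuration directories, and the exposure table) can be turned into a small pre- and post-upgrade audit. The following is an added example, not code from the advisory or the ComfyUI-Manager project; the function names and the constructed directory fixture are my own assumptions.

```python
import os
import re
import tempfile

FIXED_MANAGER = (3, 38)      # first ComfyUI-Manager release containing the fix
MIN_COMFYUI = (0, 3, 76)     # ComfyUI release providing the System User Protection API
LEGACY_DIR = os.path.join("user", "default", "ComfyUI-Manager")  # web-reachable (pre-3.38)
PROTECTED_DIR = os.path.join("user", "manager")                  # protected (3.38+)
BACKUP_DIR = ".legacy-manager-backup"                            # left behind after migration

def parse_version(text):
    """Turn 'v0.3.76' or '3.37' into a comparable tuple of ints."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def exposure_level(listen_addr, behind_reverse_proxy=False):
    """Map a deployment onto the advisory's 'Affected Configurations' table."""
    if listen_addr in ("127.0.0.1", "localhost", "::1"):
        return "NOT AFFECTED"          # default, local-only install
    if behind_reverse_proxy:
        return "MEDIUM"                # proxy in front, but no access control of its own
    return "HIGH"                      # e.g. --listen 0.0.0.0

def audit(root, manager_version, comfyui_version, listen_addr, behind_reverse_proxy=False):
    """Collect the checks a defender wants before and after applying the 3.38 upgrade."""
    f = {
        "manager_vulnerable": parse_version(manager_version) < FIXED_MANAGER,
        "comfyui_has_protection_api": parse_version(comfyui_version) >= MIN_COMFYUI,
        "legacy_config_present": os.path.isdir(os.path.join(root, LEGACY_DIR)),
        "protected_config_present": os.path.isdir(os.path.join(root, PROTECTED_DIR)),
        "legacy_backup_present": os.path.isdir(os.path.join(root, BACKUP_DIR)),
        "exposure": exposure_level(listen_addr, behind_reverse_proxy),
    }
    # Config is still in the unprotected directory if the old version is installed
    # or the migration to user/manager/ has not yet happened.
    config_unprotected = f["manager_vulnerable"] or (
        f["legacy_config_present"] and not f["protected_config_present"])
    f["at_risk"] = config_unprotected and f["exposure"] != "NOT AFFECTED"
    # Fixed Manager on an older ComfyUI: Manager forces "strong" mode and blocks new installs.
    f["forced_strong_mode"] = not f["manager_vulnerable"] and not f["comfyui_has_protection_api"]
    return f

def sample_layout():
    """Constructed fixture: a pre-migration install that has only the legacy directory."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, LEGACY_DIR))
    return root
```

Run `audit(sample_layout(), "3.37", "v0.3.75", "0.0.0.0")` to see the worst case from the advisory's table flagged as `at_risk`; rerun after the upgrade and the same call reports the remaining gaps (legacy directory still present, forced strong mode on an old ComfyUI).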
CVE-2025-67303 has a CVSS score of 7.5 (High). The attack vector is network, with no privileges required and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.
A fixed version is available (3.38). Upgrading removes the vulnerable code path.
| Ecosystem | Affected | Fixed |
|-----------|----------|-------|
| pip | comfyui-manager (< 3.38) | comfyui-manager 3.38 |

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.
Kodem's runtime-powered SCA identifies whether CVE-2025-67303 is reachable in your applications.
Upgrade comfyui-manager to 3.38 or later to resolve this vulnerability.
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
CVE-2025-67303 has a CVSS score of 7.5 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
comfyui-manager (pip) versions < 3.38 are affected.
Yes. CVE-2025-67303 is fixed in 3.38. Upgrade to this version or later.
Whether CVE-2025-67303 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
Upgrade comfyui-manager to 3.38 or later.