Tencent Xuanwu Lab has identified a high-severity vulnerability (CVE-2025-67303) in ComfyUI-Manager, the integrated extension component of the visual AI workflow tool ComfyUI. In out-of-the-box configurations, this flaw allows a remote attacker to compromise the system without any authentication. By bypassing security restrictions, an attacker can execute arbitrary code, leading to full server compromise.
The issue has been patched in the latest version of ComfyUI-Manager.

XLAB ID: XLAB-16-001     

CVE ID: CVE-2016-2408     

Patch Status: Fixed

XLAB ID: XLAB-15-025     

CVE ID: CVE-2015-1752     

Patch Status: Fixed

XLAB ID: XLAB-15-024     

CVE ID: CVE-2015-8459     

Patch Status: Fixed

XLAB ID: XLAB-15-017     

CVE ID: CVE-2015-8301     

Patch Status: fixed

XLAB ID: XLAB-15-022     

CVE ID: CVE-2015-7093     

Patch Status: Fixed

XLAB ID: XLAB-15-021     

CVE ID: CVE-2015-8693     

Patch Status: Unfixed

XLAB ID: XLAB-15-020     

CVE ID: CVE-2015-8695     

Patch Status: Unfixed

XLAB ID: XLAB-15-019     

CVE ID: Pending     

Patch Status: Unfixed

XLAB ID: XLAB-15-018     

CVE ID: CVE-2015-8691     

Patch Status: Unfixed