Description

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a malicious component in the expected location, which is controllable by the attacker (e.g., under %APPDATA%), resulting in code execution within the context of the user. The main application is digitally signed, which may allow a malicious component to inherit trust and evade detection by security solutions that rely on signed parent processes.

INFO

Published Date :

2025-10-21T00:00:00.000Z

Last Modified :

2025-10-22T19:11:33.350Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57521 vulnerability.

Vendors Products
Bambulab
  • Bambu Studio
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57521.

URL Resource
https://github.com/bambulab/BambuStudio/issues/7405 cve-icon cve-icon
https://github.com/piuppi/Proof-of-Concepts/blob/main/Bambu%20Lab/Bambu%20Studio/README.md cve-icon cve-icon
https://wiki.bambulab.com/en/software/bambu-studio/release/release-note-2-3-0 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact