Detections
Analytics

CVE-2025-62784

medium

Description

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.5.

References

https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-7whh-79j3-7c55

https://github.com/Phoenix616/InventoryGui/commit/690fc91d137c6cc04f6ed3a89449050964dd8cb9

Details

Source: Mitre, NVD

Published: 2025-10-27

Updated: 2025-10-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.00042