CVE-2025-57521

Published: Oct 21, 2025

Modified: Oct 22, 2025

PUBLISHED

Description

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a malicious component in the expected location, which is controllable by the attacker (e.g., under %APPDATA%), resulting in code execution within the context of the user. The main application is digitally signed, which may allow a malicious component to inherit trust and evade detection by security solutions that rely on signed parent processes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/bambulab/BambuStudio/issues/7405

https://github.com/piuppi/Proof-of-Concepts/blob/main/Bambu%20Lab/Bambu%20Studio/README.md

https://wiki.bambulab.com/en/software/bambu-studio/release/release-note-2-3-0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57521

Description

Affected Products

References