Item Duplication via GuiStorageElement Bundle in InventoryGui before 1.6.2
CVE-2025-62783 Published on October 27, 2025

InventoryGui affected by item duplication in GUIs which use GuiStorageElement
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions 1.6.1-SNAPSHOT and earlier contain a vulnerability where any plugin using the `GuiStorageElement can allow item duplication when the experimental Bundle item feature is enabled on the server. The vulnerability is resolved in version 1.6.2-SNAPSHOT.

Github Repository NVD

Vulnerability Analysis

CVE-2025-62783 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Improper Enforcement of a Single, Unique Action

The software requires that an actor should only be able to perform an action once, or to have only one unique action, but the software does not enforce or improperly enforces this restriction. In various applications, a user is only expected to perform a certain action once, such as voting, requesting a refund, or making a purchase. When this restriction is not enforced, sometimes this can have security implications. For example, in a voting application, an attacker could attempt to "stuff the ballot box" by voting multiple times. If these votes are counted separately, then the attacker could directly affect who wins the vote. This could have significant business impact depending on the purpose of the software.


Products Associated with CVE-2025-62783

Want to know whenever a new CVE is published for Phoenix616 Inventorygui? stack.watch will email you.

Phoenix616 Inventorygui
 

Affected Versions

Phoenix616 InventoryGui Version < 1.6.2-SNAPSHOT is affected by CVE-2025-62783

Vulnerable Packages

The following package name and versions may be associated with CVE-2025-62783

Package Manager Vulnerable Package Versions Fixed In
maven de.themoep:inventorygui <= 1.6.1-SNAPSHOT 1.6.2-SNAPSHOT

Exploit Probability

EPSS
0.02%
Percentile
4.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.