Miggo Logo
Miggo Vulnerability Database
CVE-2025-62783

CVE-2025-62783: InventoryGui affected by item duplication in GUIs which use GuiStorageElement

5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2025-62783
GHSA ID
GHSA-598q-jw82-5w66
EPSS Score
-
CWE
CWE-754
Published
10/27/2025
Updated
10/27/2025
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
de.themoep:inventoryguimaven<= 1.6.1-SNAPSHOT1.6.2-SNAPSHOT

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The analysis of the patch commit 27a52ef6d934a1c232e110e0010e4aa810c27029 reveals that the item duplication vulnerability is rooted in the simulateCollectToCursor method of the InventoryGui.java file. The original implementation failed to correctly associate inventory updates with the specific player performing the action, creating a race condition that could be exploited to duplicate items. The patch rectifies this by passing the player object to the setStorageItem method, ensuring that the operation is atomic and player-specific. The handleInteract method is also identified as a relevant function, as it acts as the dispatcher that invokes the vulnerable simulateCollectToCursor method upon a COLLECT_TO_CURSOR event. The changes in handleInteract itself are primarily for error handling, but its role in the execution path makes it a relevant function for profiling during exploitation.

Vulnerable functions

de.themoep.inventorygui.InventoryGui.simulateCollectToCursor
src/main/java/de/themoep/inventorygui/InventoryGui.java
The vulnerability is in the `simulateCollectToCursor` method. The original code did not correctly handle the player context when updating items in a `GuiStorageElement`. This could lead to a state where items were not correctly removed from the storage, allowing for duplication when a player performed a "collect to cursor" action. The patch fixes this by passing the player entity to the `setStorageItem` method, ensuring the inventory update is correctly scoped to the interacting player.
de.themoep.inventorygui.InventoryGui.handleInteract
src/main/java/de/themoep/inventorygui/InventoryGui.java
This function is the entry point for all interactions within the GUI. It identifies the type of click and, in the case of a `COLLECT_TO_CURSOR` action, it calls the vulnerable `simulateCollectToCursor` method. Therefore, this function is a critical part of the execution flow that leads to the item duplication vulnerability.

WAF Protection Rules

WAF Rule

### Imp**t *ny plu*in usin* t** `*uiStor****l*m*nt` is imp**t**. ### P*t***s P*t**** wit* *ttps://*it*u*.*om/P*o*nix***/Inv*ntory*ui/*ommit/**************************************** ("***kport**" to *.*.*-SN*PS*OT) Up**t* to *.*.*-SN*PS*OT to *u*r*nt

Reasoning

T** *n*lysis o* t** p*t** *ommit `****************************************` r*v**ls t**t t** it*m *upli**tion vuln*r**ility is root** in t** `simul*t**oll**tTo*ursor` m*t*o* o* t** `Inv*ntory*ui.j*v*` *il*. T** ori*in*l impl*m*nt*tion **il** to *orr*