HIGH🇬🇧 English

CVE-2025-32948

CVSS 7.5v3.1pub. 2025-04-15upd. 2025-10-21

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Framasoft Peertube

    APP
    Framasoft
    < 7.1.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SSRFDoS
CWE
Referencje

Powiązane podatności

CVE-2025-32947HIGH7.5ten sam produkt

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an i...

CVE-2022-0133HIGH7.5ten sam produkt

peertube is vulnerable to Improper Access Control

CVE-2022-0132HIGH7.5ten sam produkt

peertube is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2025-32944MEDIUM6.5ten sam produkt

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persiste...

CVE-2025-32945MEDIUM4.3ten sam produkt

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube RE...

CVE-2025-32948 — HIGH 7.5 | CVEbaza.pl