CVE-2025-32948

High CVSS: 7.5

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.

Vendor

Framasoft

Product

Peertube

CWE

CWE-843

Yayın Tarihi

2025-04-15 15:16:09

Güncelleme

2025-10-21 16:26:11

Source Identifier

reefs@jfrog.com

KEV Date Added

Kategoriler

CWE-843 Peertube HIGH Framasoft 2025

Referanslar

https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1 https://research.jfrog.com/vulnerabilities/peertube-activitypub-playlist-creation-blind-ssrf-dos/

Benzer Kayıtlar

High

CVE-2025-32947

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo…

Medium

CVE-2025-32949

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex…

Medium

CVE-2025-32944

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.…

Medium

CVE-2025-32945

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Th…

Medium

CVE-2025-32946

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Th…

Low

CVE-2025-32943

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server…