6.5

CVE-2025-32944

Exploit

EPSS 0.48%
Veröffentlicht 15.04.2025 12:50:38
Zuletzt bearbeitet 21.10.2025 14:34:03
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

PeerTube User Import Authenticated Persistent Denial of Service

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.  If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Framasoft ≫ Peertube Version < 7.1.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.375

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
reefs@jfrog.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1

Release Notes

https://research.jfrog.com/vulnerabilities/peertube-archive-persistent-dos/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-32944

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32944

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32944

EUVD