4.3

CVE-2025-32945

Exploit

EPSS 0.06%
Veröffentlicht 15.04.2025 12:56:32
Zuletzt bearbeitet 21.10.2025 14:33:23
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Framasoft ≫ Peertube Version < 7.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.198

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
reefs@jfrog.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-282 Improper Ownership Management

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1

Release Notes

https://research.jfrog.com/vulnerabilities/peertube-arbitrary-playlist-creation-rest/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-32945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32945

EUVD