CVE-2025-32947

Exploit

EPSS 0.05%
Veröffentlicht 15.04.2025 14:45:29
Zuletzt bearbeitet 21.10.2025 16:30:48
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Framasoft ≫ Peertube Version < 7.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
reefs@jfrog.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1

Release Notes

https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/

Third Party Advisory

Exploit

https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-32947

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32947

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32947

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32947