Platform
php
Component
clipbucket-v5
Fixed in
5.5.2
CVE-2025-21623 describes a denial-of-service (DoS) vulnerability affecting ClipBucket V5, an open-source video hosting platform written in PHP. This vulnerability allows unauthenticated attackers to manipulate the template directory, potentially causing the application to crash or become unresponsive. The vulnerability impacts versions of ClipBucket V5 up to and including 5.5.1 - 238, and a patch is available in version 5.5.1 - 238.
This vulnerability allows an unauthenticated attacker to trigger a denial-of-service condition within a ClipBucket V5 installation. By exploiting the directory traversal, an attacker can force the application to attempt to access or process invalid files, leading to resource exhaustion and ultimately rendering the video hosting service unavailable to legitimate users. The impact extends beyond simple unavailability; prolonged DoS attacks can disrupt video streaming, user uploads, and administrative functions, potentially causing significant operational and reputational damage. The blast radius is limited to the affected ClipBucket V5 instance, but a successful attack could impact all users relying on that service.
CVE-2025-21623 was publicly disclosed on January 7, 2025. No public proof-of-concept (PoC) code has been observed at the time of this writing. The vulnerability's severity is rated as HIGH with a CVSS score of 7.5. It is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed.
Organizations and individuals using ClipBucket V5 for video hosting are at risk, particularly those running older, unpatched versions (≤ 5.5.1 - 238). Shared hosting environments where ClipBucket V5 is installed are especially vulnerable due to the potential for attackers to exploit the vulnerability across multiple installations.
• php / server:
  find /var/www/clipbucket/ -path "*/..*/" -print
• generic web:
  curl -I 'http://your-clipbucket-site.com/templates/../../../../etc/passwd' # Check for directory traversal
Disclosure
Exploit status
EPSS
1.36% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-21623 is to immediately upgrade ClipBucket V5 to version 5.5.1 - 238 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the template directory through web application firewall (WAF) rules or proxy configurations. Specifically, block requests containing directory traversal sequences (e.g., ../) in the template directory path. After upgrading, verify the fix by attempting to access the application with a crafted URL containing a directory traversal sequence; the request should be rejected.
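The WAF rule and post-upgrade check described above, as an added example that is not ClipBucket's own code: a small Python detector that normalises URL-encoded, double-encoded and backslash variants of a request target and flags any path or query segment that resolves to a bare "..", run over constructed access-log lines (the IP addresses, timestamps and template paths are made up). It goes a little beyond the page's plain "../" rule by also catching %2e%2e and %252e%252e forms, and it reports the response status so an analyst can see which attempts were rejected and which were served.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [07/Jan/2025:10:00:01 +0000] "GET /templates/cb_28/style.css HTTP/1.1" 200 512
203.0.113.7 - - [07/Jan/2025:10:00:02 +0000] "GET /templates/../../../../etc/passwd HTTP/1.1" 403 0
203.0.113.9 - - [07/Jan/2025:10:00:03 +0000] "GET /index.php?template=..%2f..%2fconfig HTTP/1.1" 200 0
203.0.113.11 - - [07/Jan/2025:10:00:04 +0000] "GET /index.php?template=%252e%252e/ HTTP/1.1" 200 0
203.0.113.13 - - [07/Jan/2025:10:00:05 +0000] "GET /videos?search=a..b HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def normalize(target, rounds=3):
    """URL-decode repeatedly (bounded) so %2e%2e and %252e%252e both become '..';
    backslashes are folded to '/' so '..\\' is treated like '../'."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_traversal(target):
    """True when any path segment or query value segment is exactly '..'.
    Splitting on '/', '?', '&' and '=' inspects the template parameter the same
    way as the URL path; 'a..b' inside a value is not a traversal segment."""
    pieces = re.split(r"[/?&=]", normalize(target))
    return ".." in pieces


def flag_traversal(log_text):
    """Return (ip, target, status) for every request whose target contains a
    traversal segment; a 200 here means the request was not rejected."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, target, status in flag_traversal(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```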
Update ClipBucket V5 to version 5.5.1 - 238 or later. This update fixes the directory traversal vulnerability that allows unauthenticated attackers to modify the template directory, causing a denial of service. Download the latest version from the official website or through the update system in the administration panel.
CVE-2025-21623 is a denial-of-service vulnerability in ClipBucket V5 allowing unauthenticated attackers to manipulate the template directory, potentially causing service disruption. It affects versions 5.5.1 and earlier.
You are affected if you are running ClipBucket V5 version 5.5.1 or earlier. Upgrade to version 5.5.1 - 238 to mitigate the risk.
Upgrade ClipBucket V5 to version 5.5.1 - 238 or later. As a temporary workaround, implement WAF rules to block directory traversal attempts.
While no active exploitation has been confirmed, the ease of exploitation suggests a potential for opportunistic attacks. Monitor your systems for suspicious activity.
Refer to the official ClipBucket security advisory for detailed information and updates: [https://www.clipbucket.net/security/advisories/]