Platform: php
Component: clipbucket-v5
Fixed in: 5.5.2
CVE-2025-21623 describes a denial-of-service (DoS) vulnerability affecting ClipBucket V5, an open-source video hosting platform written in PHP. This vulnerability allows unauthenticated attackers to manipulate the template directory, potentially causing the application to crash or become unresponsive. The vulnerability impacts versions of ClipBucket V5 up to and including 5.5.1 - 238, and a patch is available in version 5.5.1 - 238.
The primary impact of CVE-2025-21623 is a denial-of-service. A successful exploit allows an attacker to modify the template directory, which can lead to application crashes, service unavailability, and legitimate users being unable to reach the video hosting platform. While the vulnerability does not directly expose sensitive data, prolonged downtime can significantly affect the availability of hosted videos and associated services. Because exploitation requires no authentication, the risk of widespread attacks against vulnerable ClipBucket V5 installations is increased.
CVE-2025-21623 was publicly disclosed on January 7, 2025. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's ease of exploitation and the lack of authentication requirements suggest a potential for opportunistic attacks. The CVSS score of 7.5 (HIGH) indicates a significant risk.
Exploit Status
EPSS: 1.36% (80th percentile)
The primary mitigation for CVE-2025-21623 is to immediately upgrade ClipBucket V5 to version 5.5.1 - 238 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting access to the template directory through web application firewall (WAF) rules or proxy configurations. Specifically, block requests that attempt to traverse directories using sequences like '../'. Regularly review and harden file permissions to prevent unauthorized modifications. After upgrading, confirm the fix by attempting a directory traversal attack on the application and verifying that it is blocked.
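As an added example (not code from this advisory or from the ClipBucket project), the following Python implements the two defensive checks suggested above: a path-confinement test for a user-supplied template name, and a scan of access-log lines that flags requests whose template parameter fails that test. The parameter name `template`, the base directory and the log lines are assumptions and constructed samples, since the advisory does not name the parameter.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlparse

# Assumed (placeholder) base directory that template names must stay inside.
TEMPLATE_BASE = "/var/www/clipbucket/styles"
# Assumed (placeholder) request parameter that selects the template.
TEMPLATE_PARAM = "template"
# Common access-log layout: client ident user [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) HTTP/[\d.]+" (\d{3})')


def is_safe_template(name, base=TEMPLATE_BASE):
    """True only if `name` resolves to a directory strictly inside `base`.
    Rejects '../', bare '..', absolute paths and (after decoding) %2e%2e forms."""
    if not name or "\x00" in name:
        return False
    decoded = unquote(unquote(name))  # collapse single and double URL-encoding
    # Normalise without touching the filesystem, then confine to `base`.
    # os.path.join discards `base` when `decoded` is absolute, so the
    # commonpath comparison below also rejects absolute paths.
    target = os.path.normpath(os.path.join(base, decoded))
    return target != base and os.path.commonpath([base, target]) == base


def flag_traversal_requests(log_lines):
    """Return (client_ip, request_target) for requests whose template parameter
    fails is_safe_template(); useful for alerting or for tuning WAF rules."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected layout
        ip, _method, target, _status = m.groups()
        query = parse_qs(urlparse(target).query)  # parse_qs decodes %xx once
        for value in query.get(TEMPLATE_PARAM, []):
            if not is_safe_template(value):
                hits.append((ip, target))
    return hits


# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jan/2025:10:00:01 +0000] "GET /index.php?template=default HTTP/1.1" 200',
    '203.0.113.9 - - [07/Jan/2025:10:00:02 +0000] "GET /index.php?template=../../outside HTTP/1.1" 200',
    '203.0.113.9 - - [07/Jan/2025:10:00:03 +0000] "GET /index.php?template=%2e%2e%2f%2e%2e%2foutside HTTP/1.1" 200',
    '198.51.100.4 - - [07/Jan/2025:10:00:04 +0000] "GET /index.php?template=/tmp/other HTTP/1.1" 200',
]

if __name__ == "__main__":
    for ip, target in flag_traversal_requests(SAMPLE_LOG):
        print(f"suspicious template parameter from {ip}: {target}")
```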
Update ClipBucket V5 to version 5.5.1 - 238 or later. This update fixes the directory traversal vulnerability that allows unauthenticated attackers to modify the template directory, causing a denial of service. Download the latest version from the official website or through the update system in the administration panel.
CVE-2025-21623 is a denial-of-service vulnerability in ClipBucket V5 allowing unauthenticated attackers to manipulate the template directory, potentially causing service disruption. It affects versions 5.5.1 and earlier.
You are affected if you are running ClipBucket V5 version 5.5.1 or earlier. Upgrade to version 5.5.1 - 238 to mitigate the risk.
Upgrade ClipBucket V5 to version 5.5.1 - 238 or later. As a temporary workaround, implement WAF rules to block directory traversal attempts.
While no active exploitation has been confirmed, the ease of exploitation suggests a potential for opportunistic attacks. Monitor your systems for suspicious activity.
Refer to the official ClipBucket security advisory for detailed information and updates: [https://www.clipbucket.net/security/advisories/]