CVE-2025-32944
MEDIUM 6.5
Description
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.
CVE details
CVSS v3.1 score: 6.5
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 4/15/2025
Last modified: 10/21/2025
Source: nvd
Honeypot sightings: 0
Affected products
framasoft:peertube
Weaknesses (CWE)
CWE-248
References
https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1 (reefs@jfrog.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.