Peertube
CVE-2025-32945
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.
AnalysisAI
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-282. The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user. Affected products include: Framasoft Peertube.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo
This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vu
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server
Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in
Same weakness CWE-282 – Improper Ownership Management
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today