Skip to main content

Peertube CVE-2025-32945

MEDIUM
Improper Ownership Management (CWE-282)
2025-04-15 reefs@jfrog.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:36 vuln.today
PoC Detected
Oct 21, 2025 - 14:33 vuln.today
Public exploit code
CVE Published
Apr 15, 2025 - 13:15 nvd
MEDIUM 4.3

DescriptionCVE.org

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.

AnalysisAI

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-282. The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user. Affected products include: Framasoft Peertube.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-32948 HIGH POC
7.5 Apr 15

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request

CVE-2025-32947 HIGH POC
7.5 Apr 15

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo

CVE-2025-32949 MEDIUM POC
6.5 Apr 15

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex

CVE-2025-32944 MEDIUM POC
6.5 Apr 15

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.

CVE-2022-0881 MEDIUM POC
6.5 Mar 09

Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity

CVE-2021-3780 MEDIUM POC
6.1 Sep 15

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated me

CVE-2022-0727 MEDIUM POC
5.4 Feb 23

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this

CVE-2022-0726 MEDIUM POC
5.4 Feb 23

Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vu

CVE-2025-32946 MEDIUM POC
5.3 Apr 15

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra

CVE-2025-32943 LOW POC
3.7 Apr 15

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server

CVE-2026-57167 MEDIUM
5.1 Jul 10

Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in

Share

CVE-2025-32945 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy