CVE-2025-32944

{"id": "CVE-2025-32944", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "reefs@jfrog.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-15T13:15:55.100", "references": [{"url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1", "tags": ["Release Notes"], "source": "reefs@jfrog.com"}, {"url": "https://research.jfrog.com/vulnerabilities/peertube-archive-persistent-dos/", "tags": ["Exploit", "Third Party Advisory"], "source": "reefs@jfrog.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "reefs@jfrog.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.\u00a0\u00a0If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup."}, {"lang": "es", "value": "La vulnerabilidad permite que cualquier usuario autenticado provoque el bloqueo persistente del servidor de PeerTube. Si la importaci\u00f3n de usuarios est\u00e1 habilitada (configuraci\u00f3n predeterminada), cualquier usuario registrado puede cargar un archivo para su importaci\u00f3n. El c\u00f3digo utiliza la librer\u00eda yauzl para leer el archivo. Si la librer\u00eda yauzl encuentra un nombre de archivo considerado ilegal, genera una excepci\u00f3n que PeerTube no detecta, lo que provoca un bloqueo que se repite indefinidamente al iniciar."}], "lastModified": "2025-10-21T14:34:03.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:framasoft:peertube:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8E26564-C5EB-4B35-9E6B-2B4C4297D307", "versionEndExcluding": "7.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "reefs@jfrog.com"}