Path Traversal Vulnerability in ClipBucket V5 Video Hosting Software
CVE-2025-21622
Currently unrated
What is CVE-2025-21622?
The vulnerability is in the avatar upload feature of ClipBucket V5, where user input is not adequately validated. When an avatar is deleted, the software checks whether the specified avatar URL corresponds to a file in the designated avatars subdirectory. Because that check does not sufficiently validate path traversal sequences, a malicious user could manipulate the input to target files outside the intended folder, leading to unauthorized file deletion. The flaw exposes affected systems to potential data loss and requires immediate attention: updating, specifically to version 5.5.1 - 237, mitigates the issue.
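The class of check described above, shown next to a hardened form, as an added example that is not ClipBucket's code or its actual patch. The function names, the `avatars` layout and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile


def naive_is_avatar(avatars_dir, name):
    """Flawed check (assumed shape): join the supplied name onto the avatars
    directory and only ask whether a file exists there. '..' segments are
    resolved by the OS, so files outside the directory also pass."""
    return os.path.isfile(os.path.join(avatars_dir, name))


def safe_avatar_path(avatars_dir, name):
    """Canonicalize first, then require the result to sit inside avatars_dir.
    Returns the canonical path, or None if the name must be rejected."""
    base = os.path.realpath(avatars_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. paths on different drives
        inside = False
    if not inside or candidate == base or not os.path.isfile(candidate):
        return None
    return candidate


def delete_avatar(avatars_dir, name):
    """Delete only files that pass the containment check."""
    path = safe_avatar_path(avatars_dir, name)
    if path is None:
        return False
    os.remove(path)
    return True


def demo():
    """Build a constructed directory tree and compare both checks."""
    with tempfile.TemporaryDirectory() as root:
        avatars = os.path.join(root, "avatars")
        os.mkdir(avatars)
        open(os.path.join(avatars, "42.png"), "w").close()   # legitimate avatar
        open(os.path.join(root, "config.php"), "w").close()  # file outside avatars/
        checks = {}
        for name in ("42.png", "../config.php"):
            checks[name] = (naive_is_avatar(avatars, name),
                            safe_avatar_path(avatars, name) is not None)
        rejected = not delete_avatar(avatars, "../config.php")
        outside_survived = os.path.isfile(os.path.join(root, "config.php"))
        avatar_deleted = delete_avatar(avatars, "42.png")
        return checks, rejected, outside_survived, avatar_deleted


if __name__ == "__main__":
    print(demo())
```

The containment test compares canonical paths component by component rather than by string prefix, so a sibling directory such as `avatars_old` does not pass as being inside `avatars`.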