File Upload Vulnerability in ClipBucket Video Hosting Application
CVE-2025-21624

Currently unrated

Key Information:

Vendor: ClipBucket
Status: ClipBucket V5
Vendor: CVE Published:; 7 January 2025

Badges

👾 Exploit Exists🟣 EPSS 10%

What is CVE-2025-21624?

In ClipBucket V5 prior to version 5.5.1 - 239, a significant file upload vulnerability exists within the Manage Playlist functionality. This flaw enables attackers to upload malicious PHP script files masquerading as image files during the upload of playlist cover images. The lack of robust validation checks permits both administrators and regular users to execute potentially harmful scripts on the server. Consequently, this vulnerability poses a serious risk to the security of services relying on ClipBucket for video hosting, making it essential to upgrade to the patched version to mitigate these risks.

References

https://github.com/MacWarrior/clipbucket-v5/commit/893bfb...

https://github.com/MacWarrior/clipbucket-v5/security/advi...

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2025
Vulnerability published
Jan 7, 2025