MEDIUM🇵🇱 Wersja polska

CVE-2025-32945

CVSS 4.3v3.1pub. 2025-04-15upd. 2025-10-21

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Framasoft Peertube

    APP
    Framasoft
    < 7.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-32947HIGH7.5ten sam produkt

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an i...

CVE-2025-32948HIGH7.5ten sam produkt

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases se...

CVE-2022-0133HIGH7.5ten sam produkt

peertube is vulnerable to Improper Access Control

CVE-2022-0132HIGH7.5ten sam produkt

peertube is vulnerable to Server-Side Request Forgery (SSRF)

CVE-2025-32944MEDIUM6.5ten sam produkt

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persiste...