CVE-2025-62429

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is not performed, and by injecting malicious code an attacker can execute arbitrary PHP code. This allows an attacker to achieve RCE. This issue has been resolved in version 5.5.2 #147.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/MacWarrior/clipbucket-v5/commit/e81bac602c871bb1ad971884003a3a496a2ab50b
https://github.com/MacWarrior/clipbucket-v5/releases/tag/5.5.2-%23147
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3x4g-x3gv-rjmq
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3x4g-x3gv-rjmq

Configurations

No configuration.

History

20 Oct 2025, 19:15

Type	Values Removed	Values Added
References	~~() https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3x4g-x3gv-rjmq -~~	() https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3x4g-x3gv-rjmq -

20 Oct 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-20 17:15

Updated : 2025-10-21 19:31

NVD link : CVE-2025-62429

Mitre link : CVE-2025-62429

CVE.ORG link : CVE-2025-62429

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

7.2 /10