216.73.217.22

CVE-2025-62424

· Published 17/10/2025 18:15 · Modified 17/10/2025 18:15

Labels: CVE-2025-62424 2025-10-17CVE-2025-62424CWE-22[email protected]

Essential information

Published
17/10/2025 18:15
Modified
17/10/2025 18:15
Author
Creator
CVSS
6.7 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

CVSS metrics

Description

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary files outside the intended template directory by inserting path traversal sequences into the folder parameter. An attacker with administrator privileges can exploit this vulnerability to read sensitive files such as /etc/passwd and modify writable files on the system, potentially leading to sensitive information disclosure and compromise of the application or server. This issue is fixed in version 5.5.2 - #147.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
clipbucket / clipbucket cpe:2.3:a:clipbucket:clipbucket:5.5.2:*:*:*:*:*:*:*

References