CVE-2025-32947
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
0 < 7.1.1 | affected |
Weaknesses
- CWE-835: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1
- https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/
- https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.