cvedb.io
CVE-2025-32948
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-04-15T15:16:09.470 · Last modified 2026-06-17T09:12:50.820

Summary

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.

Affected products

framasoft — peertube

Does this affect you?

Add your gear to cvedb and we'll alert you only when framasoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.