CVE-2025-32948

Name of the Vulnerable Software and Affected Versions PeerTube (affected versions not specified)

Description The issue allows an attacker to cause the PeerTube server to stop functioning or, in special cases, send requests to arbitrary URLs, which is known as Blind Server-Side Request Forgery (SSRF). Attackers can exploit the "Create Activity" functionality by sending crafted ActivityPub activities to PeerTube's "inbox" endpoint, potentially leading to denial of service or an attacker-controlled blind SSRF.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.