PT-2025-42631 · Unknown · Clipbucket

Published 2025-10-17 · Updated 2025-10-17 · CVE-2025-62424

CVSS v3.1: 6.7 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

ClipBucket versions prior to 5.5.2 - #147

Description

ClipBucket is a web-based video-sharing platform. The /admin_area/template_editor.php API endpoint has insufficient validation of the file-loading path. This allows administrators to read and write arbitrary files outside the intended template directory by using path traversal sequences in the folder parameter. An attacker with administrator privileges can read sensitive files, such as /etc/passwd, and modify writable files on the system, potentially leading to sensitive information disclosure and system compromise.

Recommendations

Update to ClipBucket version 5.5.2 - #147 or later.
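
A containment check of the kind the description says was missing, shown as an added example; it is not ClipBucket's code and not the fix shipped in 5.5.2 - #147. The function name `resolve_template_path`, the directory layout and the sample folder values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not ClipBucket's code): map the request's folder and
// file values to a path that is guaranteed to sit under $baseDir, or throw.
function resolve_template_path(string $baseDir, string $folder, string $file): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('template base directory is missing');
    }
    // realpath() collapses "../" and follows symlinks; false means the
    // directory does not exist, so nothing outside can be created either.
    $dir = realpath($base . DIRECTORY_SEPARATOR . $folder);
    if ($dir === false || !is_dir($dir)) {
        throw new InvalidArgumentException('unknown template folder');
    }
    // Compare canonical paths. The trailing separator keeps a sibling such
    // as "<base>_old" from passing a bare prefix match.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($dir . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('folder escapes the template directory');
    }
    // The file part must be a single name, with no separators or dot entries.
    if ($file === '' || $file === '.' || $file === '..' || basename($file) !== $file) {
        throw new InvalidArgumentException('invalid file name');
    }
    $path = $dir . DIRECTORY_SEPARATOR . $file;
    // A symlink inside the tree could still point elsewhere; refuse it for
    // both reads and writes.
    if (is_link($path)) {
        throw new InvalidArgumentException('symlinked template files are refused');
    }
    return $path;
}

// Constructed demo layout in a temporary directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/default/layout', 0700, true);
mkdir($base . '_old', 0700);   // sibling directory sharing the base's prefix

foreach (['default/layout', '../../../../etc', '../' . basename($base) . '_old'] as $folder) {
    try {
        echo $folder, ' => ', resolve_template_path($base, $folder, 'header.html'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $folder, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```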

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2025-62424
GHSA-3V2P-RFWX-52QJ

Affected Products

Clipbucket