PT-2025-42787 · Unknown · Clipbucket

Published

2025-10-20

Updated

2025-11-07

CVE-2025-62429

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.2 #147

Description ClipBucket v5 is an open source video sharing platform susceptible to arbitrary PHP code execution. The type parameter within a POST request to the /upload/admin area/actions/update launch.php endpoint is incorporated into PHP tags and executed without adequate sanitization. This allows an attacker to execute arbitrary PHP code, potentially achieving Remote Code Execution (RCE).

Recommendations Update to ClipBucket version 5.5.2 #147 or later.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2025-62429

GHSA-3X4G-X3GV-RJMQ

Affected Products

Clipbucket

PT-2025-42787 · Unknown · Clipbucket

CVE-2025-62429

Weakness Enumeration

Related Identifiers

Affected Products

References · 10