PT-2025-4308 · Unknown · Clipbucket

Kawing-Ho · Published 2025-01-07 · Updated 2025-09-22 · CVE-2025-21624

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ClipBucket V5 versions prior to 5.5.1 - 239

Description: A file upload vulnerability exists in the Manage Playlist functionality of the application, specifically in the upload of playlist cover images. Because the uploaded file is not properly checked, an attacker can upload a PHP script instead of an image, allowing a webshell or other malicious file to be stored on the server and executed. The attack vector is reachable from both the admin area and the low-privilege user area.

Recommendations: Update to version 5.5.1 - 239 to fix the vulnerability. As a temporary workaround, consider disabling the file upload functionality in the Manage Playlist section until the update is applied. Restrict access to the server to minimize the risk of exploitation. Avoid using the file upload feature for playlist cover images until the issue is resolved.
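The root cause described above is that the cover-image endpoint trusts the uploaded file. The validator below is an added example, not ClipBucket's own code or the vendor's fix; it shows the checks a defender would expect such an endpoint to perform, written in Python for clarity (the same logic applies in the PHP application). It enforces an extension allowlist, verifies that the file's leading bytes match the claimed image type, rejects any body containing a PHP open tag (so a valid image header glued to a script does not slip through), and discards the user-supplied filename in favour of a random name whose extension is derived from the detected type. The sample inputs are constructed for the example.

```python
import os
import re
import secrets

# Image types a playlist-cover endpoint has any reason to accept.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp"}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for a cover image

# A genuine image never contains a PHP open tag; its presence means the upload is
# a script or a polyglot (image header followed by code) and must be rejected.
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def detect_image_type(data: bytes):
    """Return the image type implied by the file's magic bytes, or None."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"GIF87a") or data.startswith(b"GIF89a"):
        return "gif"
    if len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    return None


def validate_cover_image(filename: str, data: bytes):
    """Return (accepted, reason, stored_name).

    stored_name is never derived from the user-supplied filename: it is a random
    token plus an extension chosen from the *detected* content type.
    """
    if len(data) > MAX_BYTES:
        return (False, "file too large", None)

    # Only the final extension counts; "cover.png.php" has extension "php".
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        return (False, f"extension .{ext} not allowed", None)
    if ext == "jpeg":
        ext = "jpg"

    kind = detect_image_type(data)
    if kind is None:
        return (False, "content is not a recognised image", None)
    if kind != ext:
        return (False, f"extension .{ext} does not match content ({kind})", None)

    if PHP_OPEN_TAG.search(data):
        return (False, "embedded PHP open tag", None)

    stored_name = f"{secrets.token_hex(16)}.{kind}"
    return (True, "ok", stored_name)


# Constructed sample inputs (not real uploads): a minimal PNG header and a few
# shapes of rejected upload, from a plain script to a GIF/PHP polyglot.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
SAMPLE_SCRIPT = b"<?php echo 'hello'; ?>"
SAMPLE_POLYGLOT_GIF = b"GIF89a\x01\x00\x01\x00" + SAMPLE_SCRIPT

if __name__ == "__main__":
    for name, body in [
        ("cover.png", SAMPLE_PNG),          # accepted
        ("cover.php", SAMPLE_SCRIPT),       # bad extension
        ("cover.png.php", SAMPLE_PNG),      # double extension, final one decides
        ("cover.png", SAMPLE_SCRIPT),       # not an image at all
        ("cover.jpg", SAMPLE_PNG),          # extension/content mismatch
        ("cover.gif", SAMPLE_POLYGLOT_GIF), # valid GIF header, PHP body
    ]:
        print(name, validate_cover_image(name, body)[:2])
```

Storing the accepted file under a random name in a directory that the web server serves as static content with script execution disabled closes the remaining gap: even if a check were bypassed, nothing in that directory would be handed to the PHP interpreter.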

Exploit · Fix

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2025-21624, GHSA-98VM-2XQM-XRCC

Affected Products: Clipbucket