CVE-2025-32947

HIGH

Framasoft Peertube < 7.1.1 - Infinite Loop

Title source: rule

Description

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

References (3)

[Release Notes] https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1

[Exploit, Third Party Advisory] https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/

[Patch] https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7d

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 16.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-835

Status published

Products (1)

framasoft/peertube < 7.1.1

Published Apr 15, 2025

Tracked Since Feb 18, 2026