CVE-2025-62429

HIGH

ClipBucket 5.3-5.5.2-147 - Remote Code Execution via Update Launch Type Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-62429. PoCs published by drkim-dev.

AI-analyzed exploit summary: The repository contains only a minimal README with a CVE identifier and a brief description of a ClipBucket RCE vulnerability, but no exploit code, technical details, or additional content.

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed without proper sanitization, so an attacker who injects PHP code through that parameter achieves remote code execution (RCE). This issue has been resolved in version 5.5.2 #147.

Exploits (1)

nomisec STUB
by drkim-dev · poc
https://github.com/drkim-dev/CVE-2025-62429


Classification: Stub 90%
Attack Type: RCE
Complexity: Theoretical
Reliability: Theoretical
Target: Clipbucket (version unspecified)
No auth needed
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3: 7.2
EPSS: 0.0078
EPSS Percentile: 51.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-94
Status: published
Products (1): oxygenz/clipbucket 5.3 - 5.5.2-147
Published: Oct 20, 2025
Tracked Since: Feb 18, 2026