CVE-2025-65113

MEDIUM

Oxygenz Clipbucket < 5.5.2-164 - Resource Allocation Without Limits

Title source: rule

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 - #164, an authorization bypass vulnerability in the AJAX flagging system allows any unauthenticated user to flag any content (users, videos, photos, collections) on the platform. This can lead to mass flagging attacks, content disruption, and moderation system abuse. This issue has been patched in version 5.5.2 - #164.

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-9f8v-vph8-pq6q

Patch x_refsource_misc

https://github.com/MacWarrior/clipbucket-v5/commit/a83b807e592f85d98f1f156bd3cbb1ffcc230233

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 28.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (1)

oxygenz/clipbucket 5.3 - 5.5.2-164

Published Nov 29, 2025

Tracked Since Feb 18, 2026