CVE-2025-32944


The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.


Published

2025-04-15T13:15:55.100

Last Modified

2025-10-21T14:34:03.990

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-248

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | framasoft | peertube | < 7.1.1 | Yes |
