Cyber Posture

CVE-2025-21623

High · Public PoC

Published: 07 January 2025

Modified: 05 September 2025
KEV Added: not listed
Patch: available
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0136 (80.3rd percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-21623 is a high-severity Path Traversal (CWE-22) vulnerability in Oxygenz Clipbucket. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.7% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

SI-10 Information Input Validation (prevent)

Directly requires validating and sanitizing user-supplied template directory inputs to prevent directory traversal attacks.

SI-2 Flaw Remediation (prevent)

Mandates identification, reporting, and correction of flaws like this directory traversal vulnerability through patching to version 5.5.1-238 or later.

(prevent · detect)

Provides mechanisms to protect against denial-of-service impacts from template loading failures caused by directory traversal.

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Directory traversal in a public-facing PHP web application enables remote, unauthenticated exploitation (T1190), resulting in application denial of service via template path manipulation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1-238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.

Deeper analysis · AI

ClipBucket V5, an open source PHP-based video hosting platform, is affected by CVE-2025-21623, a directory traversal vulnerability (CWE-22, CWE-306) in versions prior to 5.5.1-238. The flaw allows attackers to manipulate the template directory path, disrupting normal application functionality and leading to a denial of service. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its high availability impact with low complexity and no authentication requirements.

Unauthenticated attackers can exploit this vulnerability remotely over the network with minimal effort, requiring no privileges or user interaction. By traversing directories to alter the template directory, they can cause the application to fail loading templates, resulting in denial of service that renders the video hosting service unavailable.

The GitHub security advisory (GHSA-ffhj-hprx-7qvr) and associated commit (75d663f010cd8569eb9e278f030838174fb30188) in the MacWarrior/clipbucket-v5 repository detail the patch, which sanitizes the template directory input to prevent traversal. Security practitioners should upgrade to ClipBucket V5 version 5.5.1-238 or later to mitigate the issue.

Details

CWE(s): CWE-22 (Path Traversal), CWE-306 (Missing Authentication for Critical Function)

Affected Products

Vendor: oxygenz
Product: clipbucket
Versions: 5.3 to 5.5.1-238

CVEs Like This One

CVE-2025-21622 · Same product: Oxygenz Clipbucket
CVE-2026-21875 · Same product: Oxygenz Clipbucket
CVE-2026-25728 · Same product: Oxygenz Clipbucket
CVE-2025-21624 · Same product: Oxygenz Clipbucket
CVE-2025-67418 · Same product: Oxygenz Clipbucket
CVE-2026-32321 · Same product: Oxygenz Clipbucket
CVE-2026-23693 · Shared CWE-306
CVE-2026-33231 · Shared CWE-306
CVE-2025-70028 · Shared CWE-22
CVE-2025-26339 · Shared CWE-306