CVE-2025-21624
Published: 07 January 2025
Summary
CVE-2025-21624 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Oxygenz Clipbucket. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 3.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the lack of proper validation on uploaded playlist cover images, preventing acceptance of malicious PHP scripts disguised as images.
- Mandates timely remediation of the specific file upload flaw by applying the patch in version 5.5.1-239.
- Restricts file uploads in the Manage Playlist functionality to only permitted image types, blocking executable PHP files at the input boundary.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote file upload in public-facing web app directly enables webshell deployment and RCE.
NVD Description
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.
Deeper analysis
CVE-2025-21624 is a critical file upload vulnerability (CVSS 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CWE-434) in ClipBucket V5, an open-source PHP-based video hosting platform. In versions prior to 5.5.1-239, the Manage Playlist functionality fails to properly validate uploaded playlist cover images, allowing attackers to upload PHP script files instead of legitimate images. This enables storage and execution of malicious files, such as webshells, on the server. The issue affects both the admin area and low-level user areas.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By uploading a malicious PHP file via the playlist cover image upload feature, attackers achieve remote code execution on the server, potentially leading to full compromise including data theft, modification, or disruption, as indicated by the high impact scores across confidentiality, integrity, and availability.
ClipBucket addresses this vulnerability in version 5.5.1-239. Security practitioners should upgrade to this patched release immediately. Additional details, including the fix implementation, are available in the GitHub security advisory at https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc and the corresponding commit at https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b.
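To make the CWE-434 pattern and the SI-10 style of control concrete, the following PHP sketch contrasts an upload handler that trusts the client-supplied filename (the class of flaw described above) with one that validates content, re-encodes the image and chooses the stored name itself. It is an added example written for this page, not ClipBucket's code and not the change in the referenced commit; the function names, directory layout and sample inputs are constructed for the illustration, and a real handler would additionally gate on is_uploaded_file()/move_uploaded_file() rather than copy().

```php
<?php
// Added example (not ClipBucket code): two versions of a playlist-cover
// upload handler. The insecure one reproduces the vulnerable pattern of
// trusting the client-supplied filename; the secure one validates the
// content, re-encodes it with GD and picks the stored name itself.
declare(strict_types=1);

// Vulnerable pattern: extension comes from the client, so "cover.php" is
// written as-is under a web-served directory and later executed.
function save_cover_insecure(string $tmpPath, string $clientName, string $dir): string
{
    $dest = $dir . '/' . basename($clientName);
    if (!copy($tmpPath, $dest)) {   // real handler: move_uploaded_file()
        throw new RuntimeException('store failed');
    }
    return $dest;
}

// Hardened pattern: returns the stored path, throws on any failed check.
function save_cover_secure(string $tmpPath, string $dir, int $maxBytes = 2_000_000): string
{
    // 1. Size limit before the content is parsed at all.
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('rejected: size');
    }
    // 2. Content sniffing via libmagic against an allowlist of image types.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException("rejected: mime $mime");
    }
    // 3. Full decode with GD. A polyglot such as "GIF89a<?php ..." passes the
    //    magic-byte check in step 2 but is not a decodable image, so it fails here.
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        throw new RuntimeException('rejected: not a decodable image');
    }
    // 4. Server-chosen random name and extension; re-encoding means none of the
    //    original bytes (comments, trailing payloads) reach disk.
    $ext = $allowed[$mime];
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 85),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('store failed');
    }
    return $dest;
}

// --- Constructed demo inputs (not real upload data) ---
$dir = sys_get_temp_dir() . '/covers_' . bin2hex(random_bytes(4));
mkdir($dir);

// A webshell prefixed with a GIF header, so a naive magic-byte check reports image/gif.
$shell = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($shell, "GIF89a<?php system(\$_GET['c']); ?>");

// A genuine 2x2 PNG produced with GD.
$png = tempnam(sys_get_temp_dir(), 'up');
$tmpImg = imagecreatetruecolor(2, 2);
imagepng($tmpImg, $png);
imagedestroy($tmpImg);

// Insecure handler happily stores the .php file under the cover directory.
echo "insecure: ", save_cover_insecure($shell, 'cover.php', $dir), "\n";

// Secure handler rejects the polyglot and stores the real image under a random name.
foreach ([[$shell, 'cover.php'], [$png, 'cover.png']] as [$path, $name]) {
    try {
        echo "secure ($name): stored as ", basename(save_cover_secure($path, $dir)), "\n";
    } catch (RuntimeException $e) {
        echo "secure ($name): ", $e->getMessage(), "\n";
    }
}
```

The decode-and-re-encode step is the one that matters most: extension allowlists and magic-byte checks are both defeated by a polyglot that starts with a valid image header, whereas a file that GD cannot decode is never written. As defence in depth, the cover directory should also sit outside the document root or have script execution disabled in the web server configuration, so that even a file that slips past validation is served as static content rather than run as PHP.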
Details
- CWE(s)