What the vulnerability does
01Description
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.
CVE-2025-32947
HIGH
CVE-2025-32947: PeerTube ActivityPub Crawl Infinite Loop DoS
CVSS base score
7.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Key dates
02Disclosure timeline
April 15, 2025
CVE published
August 20, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-25664
CVE-2023-43645 Denial of service from circular relationship definitions in OpenFGA
CVE-2021-34334 Denial of service due to integer overflow in loop counter
CVE-2023-20020
CVE-2021-0273 Junos OS and Junos OS Evolved: Trio Chipset: Denial of Service due to packet destined to device's interfaces.
