CVE-2025-62424 MEDIUM

CVE-2025-62424: ClipBucket path traversal vulnerability in template editor allows arbitrary file read and write

Vendor Macwarrior
Product clipbucket-v5
Weakness CWE-22 · Path traversal
Published October 17, 2025
Last update October 17, 2025

CVSS base score

6.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier, the /admin_area/template_editor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary files outside the intended template directory by inserting path traversal sequences into the folder parameter. An attacker with administrator privileges can exploit this vulnerability to read sensitive files such as /etc/passwd and modify writable files on the system, potentially leading to sensitive information disclosure and compromise of the application or server. This issue is fixed in version 5.5.2 - #147.

Key dates

02Disclosure timeline

October 17, 2025 CVE published
October 17, 2025 Record updated