CVE-2025-62429 HIGH

CVE-2025-62429: ClipBucket v5 executes arbitrary PHP code

Vendor: Macwarrior
Product: clipbucket-v5
Weakness: CWE-94 · Code injection
Published: October 20, 2025
Last update: October 20, 2025

CVSS base score

7.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

ClipBucket v5 is an open source video sharing platform. Versions prior to 5.5.2 #147 are vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. The value is not properly sanitized, so an attacker can inject malicious PHP code and have it executed, achieving remote code execution (RCE). This issue has been resolved in version 5.5.2 #147.

Key dates

02 Disclosure timeline

October 20, 2025: CVE published
October 20, 2025: Record updated