CVE-2025-32947

PeerTube ActivityPub Crawl Infinite Loop DoS

CVSS 7.5 HIGHEPSS 0.6%CWE-835

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

15 Apr 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Chocobozzz/PeerTube

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7d https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1 https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/