CVE-2025-32945

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-32945

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32945.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-32945

Published

2025-04-15T13:15:55Z

Modified

2025-05-28T10:29:41.748796Z

Summary

[none]

Details

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.

References

Affected packages

Git / github.com/chocobozzz/peertube

Affected ranges

Type: GIT
Repo: https://github.com/chocobozzz/peertube
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b9c3a4837e6a5e5d790e55759e3cf2871df4f03c

Affected versions

test-tag-1.*

test-tag-1.0.0

v0.*

v0.0.11-alpha

v0.0.12-alpha

v0.0.13-alpha

v0.0.14-alpha

v0.0.16-alpha

v0.0.17-alpha

v0.0.18-alpha

v0.0.19-alpha

v0.0.20-alpha

v0.0.21-alpha

v0.0.22-alpha

v0.0.23-alpha

v0.0.27-alpha

v0.0.28-alpha

v0.0.29-alpha

v0.0.3-alpha

v0.0.4-alpha

v0.0.5-alpha

v0.0.6-alpha

v0.0.8-alpha

v0.0.9-alpha

v1.*

v1.0.0

v1.0.0-alpha.1

v1.0.0-alpha.10

v1.0.0-alpha.2

v1.0.0-alpha.3

v1.0.0-alpha.4

v1.0.0-alpha.5

v1.0.0-alpha.6

v1.0.0-alpha.7

v1.0.0-alpha.8

v1.0.0-alpha.9

v1.0.0-beta.1

v1.0.0-beta.10

v1.0.0-beta.10.pre.1

v1.0.0-beta.10.pre.2

v1.0.0-beta.10.pre.3

v1.0.0-beta.11

v1.0.0-beta.12

v1.0.0-beta.13

v1.0.0-beta.14

v1.0.0-beta.15

v1.0.0-beta.16

v1.0.0-beta.2

v1.0.0-beta.3

v1.0.0-beta.4

v1.0.0-beta.5

v1.0.0-beta.6

v1.0.0-beta.7

v1.0.0-beta.8

v1.0.0-beta.9

v1.0.0-rc.1

v1.0.0-rc.2

v1.0.1

v1.1.0

v1.1.0-alpha.1

v1.1.0-rc.1

v1.2.0

v1.2.0-rc.1

v1.2.1

v1.3.0

v1.3.0-rc.1

v1.3.0-rc.2

v1.3.1

v1.4.0

v1.4.0-rc.1

v1.4.1

v2.*

v2.0.0

v2.0.0-rc.1

v2.1.0

v2.1.0-rc.1

v2.1.1

v2.2.0

v2.2.0-rc.1

v2.3.0

v2.3.0-rc.1

v2.4.0

v2.4.0-rc.1

v3.*

v3.0.0

v3.0.0-rc.1

v3.0.1

v3.1.0

v3.1.0-rc.1

v3.2.0

v3.2.0-rc.1

v3.2.1

v3.3.0

v3.3.0-rc.1

v3.4.0

v3.4.0-rc.1

v3.4.1

v4.*

v4.0.0

v4.0.0-rc.1

v4.1.0

v4.1.0-rc.1

v4.1.1

v4.2.0

v4.2.0-rc.1

v4.2.1

v4.2.2

v4.3.0

v4.3.0-rc.1

v4.3.1

v5.*

v5.0.0

v5.0.0-rc.1

v5.0.1

v5.1.0

v5.1.0-rc.1

v5.2.0

v5.2.0-rc.1

v5.2.1

v6.*

v6.0.0

v6.0.0-rc.1

v6.0.0-rc.2

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.1.0

v6.1.0-rc.1

v6.2.0

v6.2.0-rc.1

v6.2.1

v6.3.0

v6.3.0-rc.1

v6.3.1

v6.3.2

v6.3.3

v7.*

v7.0.0

v7.0.0-rc.1

v7.0.1

v7.1.0

v7.1.0-rc.1