Description

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

PUBLISHED Reserved 2025-04-14 | Published 2025-04-15 | Updated 2025-08-20 | Assigner JFROG




HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

Default status: unaffected

Any version before 7.1.1: affected

References

github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1 release-notes

research.jfrog.com/...lities/peertube-activitypub-crawl-dos/ third-party-advisory

github.com/...ommit/76226d85685220db1495025300eca784d0336f7d patch

cve.org (CVE-2025-32947)

nvd.nist.gov (CVE-2025-32947)
