CVE-2025-32947: PeerTube ActivityPub Crawl Infinite Loop DoS

7.5 CVSS

Description

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

Classification

CVE ID: CVE-2025-32947

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem Types

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

Affected Products

Vendor:

Product:

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.55% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32947
https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1
https://research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/

Timeline

2025-04-15 15:40:12 UTC
CVE

PeerTube ActivityPub Crawl Infinite Loop DoS