{"vulnerability": "cve-2025-21624", "sightings": [{"uuid": "a1ec264c-c737-4152-8a6a-e06c7bbda258", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113788094723392306", "content": "", "creation_timestamp": "2025-01-07T16:48:57.122927Z"}, {"uuid": "0e3773e0-3d18-4100-ae49-894618736e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113787932671356345", "content": "", "creation_timestamp": "2025-01-07T16:07:44.002711Z"}, {"uuid": "5c6c7c3a-e174-4fd5-a69c-120b527e99c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/16832", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aPoC, and documentation of deployment of a vulnerable instance of ClipBucket-v5 for demonstration of CVE-2025-21624.\nURL\uff1ahttps://github.com/shreyas-malhotra/CVE-2025-21624\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-04T13:26:34.000000Z"}, {"uuid": "3cc95abe-b663-408c-b998-256651e7914a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/498", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21624\n\ud83d\udd39 Description: ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.\n\ud83d\udccf Published: 2025-01-07T15:46:11.169Z\n\ud83d\udccf Modified: 2025-01-07T17:02:34.217Z\n\ud83d\udd17 References:\n1. https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc\n2. https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b", "creation_timestamp": "2025-01-07T17:42:33.000000Z"}, {"uuid": "17ebeecf-1ae4-43e1-8340-5fea1edb4238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21624", "type": "published-proof-of-concept", "source": "Telegram/AUcfxApx61EFHOeSqEfIRLhfCLQTn8bpNAF6AdXUDg93-Ws", "content": "", "creation_timestamp": "2025-03-04T22:00:06.000000Z"}]}