CVE-2025-65113
BaseFortify
Publication date: 2025-11-29
Last updated on: 2025-12-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oxygenz | clipbucket | From 5.3 (inc) to 5.5.2-164 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authorization bypass in ClipBucket v5's AJAX flagging system that allows any unauthenticated user to flag any content such as users, videos, photos, and collections on the platform. This means attackers can misuse the flagging feature without logging in.
How can this vulnerability impact me? :
The vulnerability can lead to mass flagging attacks, disruption of content availability, and abuse of the moderation system, potentially affecting the integrity and usability of the platform.
What immediate steps should I take to mitigate this vulnerability?
Upgrade ClipBucket to version 5.5.2 - #164 or later, as this version contains the patch that fixes the authorization bypass vulnerability in the AJAX flagging system.