CVE-2025-62423 - Vulnerability Details - OpenCVE

ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to the Admin Area.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00027.

Exploitation poc

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/MacWarrior/clipbucket-v5/commit/b3bf27e367f318c2afe9bd11368be9d00e272148
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc

History

Fri, 17 Oct 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 16 Oct 2025 18:45:00 +0000

Type	Values Removed	Values Added
Description		ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting this vulnerability requires access privileges to the Admin Area.
Title		ClipBucket V5 Blind SQL injection in the Admin Panel
Weaknesses		CWE-89
References		https://github.com/MacWarrior/clipbucket-v5/commit/b3bf27e367f318c2afe9bd11368be9d00e272148 https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-10-16T18:40:44.069Z

Updated: 2025-10-17T14:30:22.271Z

Reserved: 2025-10-13T16:26:12.180Z

Link: CVE-2025-62423

Vulnrichment

Updated: 2025-10-17T14:30:13.225Z

NVD

Status : Received

Published: 2025-10-16T19:15:34.960

Modified: 2025-10-17T15:15:40.163

Link: CVE-2025-62423

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-62423", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-13T16:26:12.180Z", "datePublished": "2025-10-16T18:40:44.069Z", "dateUpdated": "2025-10-17T14:30:22.271Z"}, "containers": {"cna": {"title": "ClipBucket V5 Blind SQL injection in the Admin Panel", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc"}, {"name": "https://github.com/MacWarrior/clipbucket-v5/commit/b3bf27e367f318c2afe9bd11368be9d00e272148", "tags": ["x_refsource_MISC"], "url": "https://github.com/MacWarrior/clipbucket-v5/commit/b3bf27e367f318c2afe9bd11368be9d00e272148"}], "affected": [{"vendor": "MacWarrior", "product": "clipbucket-v5", "versions": [{"version": "<= 5.5.2 - #140", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-10-16T18:40:44.069Z"}, "descriptions": [{"lang": "en", "value": "ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area\u2019s \u201c/admin_area/login_as_user.php\u201d file. Exploiting this vulnerability requires access privileges to the Admin Area."}], "source": {"advisory": "GHSA-3wpr-jprj-52fc", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-17T14:30:19.162957Z", "id": "CVE-2025-62423", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T14:30:22.271Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62423", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-17T14:30:19.162957Z"}}}], "references": [{"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T14:30:13.225Z"}}], "cna": {"title": "ClipBucket V5 Blind SQL injection in the Admin Panel", "source": {"advisory": "GHSA-3wpr-jprj-52fc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "MacWarrior", "product": "clipbucket-v5", "versions": [{"status": "affected", "version": "<= 5.5.2 - #140"}]}], "references": [{"url": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc", "name": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3wpr-jprj-52fc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/MacWarrior/clipbucket-v5/commit/b3bf27e367f318c2afe9bd11368be9d00e272148", "name": "https://github.com/MacWarrior/clipbucket-v5/commit/b3bf27e367f318c2afe9bd11368be9d00e272148", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area\u2019s \u201c/admin_area/login_as_user.php\u201d file. Exploiting this vulnerability requires access privileges to the Admin Area."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-10-16T18:40:44.069Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62423", "state": "PUBLISHED", "dateUpdated": "2025-10-17T14:30:22.271Z", "dateReserved": "2025-10-13T16:26:12.180Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-10-16T18:40:44.069Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}