CVE-2025-62430

5.4 MEDIUM

📋 TL;DR

ClipBucket v5 through build 5.5.2 #145 has stored cross-site scripting (XSS) vulnerabilities in video and photo metadata fields. Authenticated users can inject malicious scripts that execute when any user views affected content, potentially leading to session hijacking or unauthorized admin actions. All users who can edit videos/photos are affected, and all visitors viewing that content are at risk.

💻 Affected Systems

Products:
  • ClipBucket v5
Versions: All versions through build 5.5.2 #145
Operating Systems: All operating systems running ClipBucket
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user authentication to edit videos/photos, but script execution affects all viewers including unauthenticated visitors.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains administrative privileges by tricking an admin into executing malicious scripts, leading to complete system compromise, data exfiltration, or account takeover.

🟠 Likely Case

Session hijacking of regular users, defacement of video/photo pages, or limited unauthorized actions through CSRF-like attacks.

🟢 If Mitigated

Script execution but limited impact due to HttpOnly cookies and proper session management, potentially only causing page disruption.

🌐 Internet-Facing: HIGH - Public video sharing platforms are directly exposed to unauthenticated visitors who could trigger malicious scripts.
🏢 Internal Only: MEDIUM - Internal users could still be targeted, but attack surface is smaller than internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated user to inject payload, but payload execution is automatic for all viewers. HttpOnly cookies limit direct cookie theft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Build 5.5.2 #146 or later

Vendor Advisory: https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-qrqq-hpf3-9mc9

Restart Required: No

Instructions:

1. Back up your ClipBucket installation and database.
2. Download the latest version from the official repository.
3. Replace all files with the patched version.
4. Verify the fix by checking the build number in the admin panel.

🔧 Temporary Workarounds

No known workarounds

The advisory states no known workarounds exist. Input validation must be implemented at the application level.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to restrict script execution sources
  • Disable video/photo editing for all non-admin users to prevent payload injection

🔍 How to Verify

Check if Vulnerable:

Check whether the ClipBucket build is 5.5.2 #145 or earlier, either in the admin panel or by examining the version files.

Check Version:

Check the admin panel or examine the includes/version.php file for the build number.

Verify Fix Applied:

Verify build number is 5.5.2 #146 or later. Test XSS payloads in video Tags, Genre, Actors, Producer, Executive Producer, Director fields and photo Title/Tags fields.
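As an added example (not code from the advisory or from the ClipBucket project), the following Python check turns a build string such as `5.5.2 #145` into a comparable tuple and reports whether it is older than the patched build 5.5.2 #146, so the same check can be run across a fleet of installs. The shape of the version string, the `$version` assignment in the constructed `SAMPLE_HOSTS` contents and the host names are assumptions; ClipBucket's real version.php may look different, in which case only `VERSION_RE` needs adjusting.

```python
import re

# From the advisory: build 5.5.2 #146 or later is patched.
FIXED_BUILD = (5, 5, 2, 146)

# Assumed version-string shape ("5.5.2 #145"); adjust if version.php differs.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\s*#\s*(\d+))?")


def parse_build(text: str) -> tuple:
    """Extract (major, minor, patch, build) from text. The build defaults to 0
    when the '#NNN' suffix is absent, so an unknown build is treated as old."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version string found in: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build) if build else 0)


def is_vulnerable(text: str) -> bool:
    """True when the build found in text is older than the fixed build."""
    return parse_build(text) < FIXED_BUILD


def audit(hosts: dict) -> dict:
    """hosts: {name: contents of that host's version file}.
    Returns {name: 'VULNERABLE' | 'PATCHED' | 'UNKNOWN'}."""
    result = {}
    for name, contents in hosts.items():
        try:
            result[name] = "VULNERABLE" if is_vulnerable(contents) else "PATCHED"
        except ValueError:
            result[name] = "UNKNOWN"
    return result


# Constructed sample: hypothetical version.php contents for four hosts.
SAMPLE_HOSTS = {
    "media-01": "<?php $version = '5.5.2 #145';",
    "media-02": "<?php $version = '5.5.2 #146';",
    "media-03": "<?php $version = '5.5.2';",        # build suffix missing
    "media-04": "<?php // no version constant here",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_HOSTS).items():
        print(f"{host}: {status}")
```

A file that carries a version but no build suffix is reported as vulnerable on purpose: without the build number the check cannot prove the fix is present, and a false "patched" is the more expensive mistake.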

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in video/photo metadata fields
  • Multiple failed attempts to access admin_area endpoints from video/photo pages

Network Indicators:

  • Unexpected fetch requests from video/photo pages to admin endpoints
  • Script injection patterns in HTTP POST requests to video/photo update endpoints

SIEM Query:

source="web_logs" AND (uri="/admin_area" OR uri CONTAINS "video" OR uri CONTAINS "photo") AND (user_agent CONTAINS "script" OR referer CONTAINS "javascript:")
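The log and network indicators above amount to two checks: stored metadata that already contains markup or script, and POST requests to the update endpoints that carry such markers. As an added example (not code from the advisory or from ClipBucket), the Python below implements both over constructed data: `scan_rows` walks exported video/photo records and `scan_request_log` walks application request-log lines. The lower-case field keys, the `/edit_video` and `/edit_photo` paths, the log-line layout and all sample values are assumptions; a real deployment would need the actual column names and endpoints, and body logging (which ordinary access logs do not provide) for the request scan.

```python
import re
from urllib.parse import parse_qs

# Metadata fields the advisory names as stored-XSS sinks. The lower-case keys
# are assumptions about the form/column names used in a real deployment.
VIDEO_FIELDS = ("tags", "genre", "actors", "producer", "executive_producer", "director")
PHOTO_FIELDS = ("title", "tags")

# Markup or script markers that have no business in plain-text metadata.
INJECTION = re.compile(
    r"<\s*/?\s*[a-z][\w-]*"        # an HTML tag opening such as <script or <img
    r"|\bon[a-z]+\s*=\s*[\"']?"    # inline event handler attribute (onerror=, onload=)
    r"|javascript\s*:",            # javascript: URL scheme
    re.IGNORECASE,
)


def flag_fields(kind, fields):
    """Return (field, value) pairs from the watched fields that contain markers."""
    watched = VIDEO_FIELDS if kind == "video" else PHOTO_FIELDS
    return [(name, fields[name]) for name in watched
            if name in fields and INJECTION.search(fields[name])]


def scan_rows(rows):
    """Scan (kind, record_id, fields) tuples, e.g. from a database export.
    Returns (kind, record_id, field, value) for every flagged field."""
    return [(kind, rec_id, name, value)
            for kind, rec_id, fields in rows
            for name, value in flag_fields(kind, fields)]


# Assumed application request-log line: "<ip> <method> <path> <status> <form body>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (.*)$")


def scan_request_log(lines):
    """Flag POSTs to video/photo update endpoints whose form fields carry
    injection markers. Returns (ip, path, field, value) tuples."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(2) != "POST":
            continue
        ip, _, path, _, body = m.groups()
        kind = "video" if "video" in path else "photo" if "photo" in path else None
        if kind is None:
            continue
        fields = {k: v[0] for k, v in parse_qs(body).items()}  # decodes %XX and '+'
        hits += [(ip, path, name, value) for name, value in flag_fields(kind, fields)]
    return hits


# Constructed sample data (not real records or logs); the payload strings are
# harmless markers used only to exercise the detector.
SAMPLE_ROWS = [
    ("video", 101, {"tags": "cats, funny", "genre": "Comedy", "director": "J. Doe"}),
    ("video", 102, {"tags": "<img src=x onerror=alert(1)>", "genre": "Drama"}),
    ("photo", 7, {"title": "Sunset at the pier", "tags": "beach"}),
    ("photo", 8, {"title": "<svg onload=alert(1)>", "tags": "sky"}),
]
SAMPLE_LOG = [
    "203.0.113.5 POST /edit_video 302 tags=cats%2Cfunny&genre=Comedy",
    "203.0.113.9 POST /edit_video 302 tags=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&genre=Drama",
    "198.51.100.2 GET /watch_video 200 -",
    "203.0.113.9 POST /edit_photo 302 title=Nice&tags=javascript%3Aalert%281%29",
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print("stored:", hit)
    for hit in scan_request_log(SAMPLE_LOG):
        print("request:", hit)
```

The request scan decodes the form body with `parse_qs` before matching, so percent-encoded payloads are caught; the stored-row scan is the one worth running once after patching, since the fix stops new injection but does not clean records that were poisoned earlier.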
