Unrated severityOSV Advisory· Published Apr 15, 2025· Updated Aug 20, 2025

PeerTube ActivityPub Crawl Infinite Loop DoS

CVE-2025-32947

Description

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities.

Affected products

Chocobozzz/PeertubeOSV
Range: v0.0.11-alpha, v0.0.12-alpha, v0.0.13-alpha, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Chocobozzz/PeerTube/commit/76226d85685220db1495025300eca784d0336f7dmitrepatch
research.jfrog.com/vulnerabilities/peertube-activitypub-crawl-dos/mitrethird-party-advisory
github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1mitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000