{"id":"CVE-2025-32943","details":"The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint.","modified":"2026-04-10T05:25:17.237930Z","published":"2025-04-15T11:15:45.690Z","references":[{"type":"ADVISORY","url":"https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1"},{"type":"EVIDENCE","url":"https://research.jfrog.com/vulnerabilities/peertube-hls-path-traversal/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/chocobozzz/peertube","events":[{"introduced":"0"},{"fixed":"b9c3a4837e6a5e5d790e55759e3cf2871df4f03c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.1.1"}]}}],"versions":["v0.0.11-alpha","v0.0.12-alpha","v0.0.13-alpha","v0.0.14-alpha","v0.0.16-alpha","v0.0.17-alpha","v0.0.18-alpha","v0.0.19-alpha","v0.0.20-alpha","v0.0.21-alpha","v0.0.22-alpha","v0.0.23-alpha","v0.0.27-alpha","v0.0.28-alpha","v0.0.29-alpha","v0.0.3-alpha","v0.0.4-alpha","v0.0.5-alpha","v0.0.6-alpha","v0.0.8-alpha","v0.0.9-alpha","v1.0.0-alpha.1","v1.0.0-alpha.10","v1.0.0-alpha.2","v1.0.0-alpha.3","v1.0.0-alpha.4","v1.0.0-alpha.5","v1.0.0-alpha.6","v1.0.0-alpha.7","v1.0.0-alpha.8","v1.0.0-alpha.9","v1.0.0-beta.1","v1.0.0-beta.10.pre.1","v1.0.0-beta.10.pre.2","v1.0.0-beta.10.pre.3","v1.0.0-beta.11","v1.0.0-beta.12","v1.0.0-beta.13","v1.0.0-beta.14","v1.0.0-beta.15","v1.0.0-beta.16","v1.0.0-beta.2","v1.0.0-beta.3","v1.0.0-beta.4","v1.0.0-beta.5","v1.0.0-beta.6","v1.0.0-beta.7","v1.0.0-beta.8","v1.0.0-beta.9","v1.0.0-rc.1","v1.0.0-rc.2","v1.1.0","v1.1.0-alpha.1","v1.1.0-rc.1","v1.3.0-rc.1","v1.4.0-rc.1","v2.0.0","v2.0.0-rc.1","v2.1.0-rc.1","v2.2.0-rc.1","v2.3.0-rc.1","v2.4.0","v2.4.0-rc.1","v3.0.0","v3.0.0-rc.1","v3.1.0-rc.1","v3.3.0","v3.3.0-rc.1","v3.4.0","v3.4.0-rc.1","v4.0.0-rc.1","v4.1.0","v4.1.0-rc.1","v4.2.0-rc.1","v4.3.0","v4.3.0-rc.1","v5.0.0","v5.0.0-rc.1","v5.1.0-rc.1","v5.2.0","v5.2.0-rc.1","v6.0.0","v6.0.0-rc.1","v6.0.0-rc.2","v6.0.1","v6.0.2","v6.1.0","v6.1.0-rc.1","v6.2.0","v6.2.0-rc.1","v6.2.1","v6.3.0","v6.3.0-rc.1","v6.3.1","v7.0.0","v7.0.0-rc.1","v7.0.1","v7.1.0","v7.1.0-rc.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32943.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}