{"id":"CVE-2025-55912","details":"An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler","modified":"2026-04-02T12:55:16.671170Z","published":"2025-09-18T16:15:51Z","references":[{"type":"ADVISORY","url":"https://github.com/MacWarrior/clipbucket-v5/releases?page=2"},{"type":"FIX","url":"https://github.com/MacWarrior/clipbucket-v5/tree/5.5.0"},{"type":"FIX","url":"https://github.com/MacWarrior/clipbucket-v5/blob/5.5.0/upload/actions/photo_uploader.php"},{"type":"EVIDENCE","url":"https://medium.com/@mukund.s1337/cve-2025-55912-clipbucket-5-5-0-unauthenticated-arbitrary-file-upload-rce-720c0c0fbc58"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/macwarrior/clipbucket-v5","events":[{"introduced":"0"},{"last_affected":"329591ef904cdf7ac1be5f4f0fd3f4fa1b802cc4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.5.0"}]}}],"versions":["5.3","5.3.1","5.4.0","5.4.1","5.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55912.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}