CVE-2025-34441 | Severity.io

Description

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

Related CPE's

wwbn

avideo

Vulnerable

References

https://github.com/WWBN/AVideo/commit/1416c517e2

Patch

https://github.com/WWBN/AVideo/commit/4a53ab2056

Patch

https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api

Third Party Advisory

Weaknesses

[email protected]

Secondary

CWE-359

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2025-12-17T20:15:54.690

47 hours ago

Last modified

2025-12-19T16:15:56.443

3 hours ago