CVE-2025-34441

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34441
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
https://github.com/WWBN/AVideo/commit/1416c517e2 Patch
https://github.com/WWBN/AVideo/commit/4a53ab2056 Patch
https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*
History

19 Dec 2025, 19:15

Type Values Removed Values Added
References
  • () https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ -

19 Dec 2025, 16:15

Type Values Removed Values Added
Summary (en) AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations. (en) AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

18 Dec 2025, 19:49

Type Values Removed Values Added
References () https://github.com/WWBN/AVideo/commit/1416c517e2 - () https://github.com/WWBN/AVideo/commit/1416c517e2 - Patch
References () https://github.com/WWBN/AVideo/commit/4a53ab2056 - () https://github.com/WWBN/AVideo/commit/4a53ab2056 - Patch
References () https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api - () https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api - Third Party Advisory
CPE cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Wwbn
Wwbn avideo

17 Dec 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-17 20:15

Updated : 2025-12-19 19:15

NVD link : CVE-2025-34441

Mitre link : CVE-2025-34441

CVE.ORG link : CVE-2025-34441

JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-359

Exposure of Private Personal Information to an Unauthorized Actor