CVE-2025-34442

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
https://github.com/WWBN/AVideo/commit/4a53ab2056 Patch
https://github.com/WWBN/AVideo/commit/dbe3e91c54 Patch
https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*
History

19 Dec 2025, 19:15

Type Values Removed Values Added
References
  • () https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ -

19 Dec 2025, 16:15

Type Values Removed Values Added
Summary (en) AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains. (en) AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

18 Dec 2025, 19:49

Type Values Removed Values Added
References () https://github.com/WWBN/AVideo/commit/4a53ab2056 - () https://github.com/WWBN/AVideo/commit/4a53ab2056 - Patch
References () https://github.com/WWBN/AVideo/commit/dbe3e91c54 - () https://github.com/WWBN/AVideo/commit/dbe3e91c54 - Patch
References () https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api - () https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api - Third Party Advisory
First Time Wwbn
Wwbn avideo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*

17 Dec 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-17 20:15

Updated : 2025-12-19 19:15

NVD link : CVE-2025-34442

Mitre link : CVE-2025-34442

CVE.ORG link : CVE-2025-34442

JSON object : View

Products Affected

wwbn

  • avideo
CWE
CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere