CVE-2025-48732

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2213	Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2213	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wwbn:avideo:14.4:*:*:*:*:*:*:*

History

29 Jul 2025, 16:52

Type	Values Removed	Values Added
CPE		cpe:2.3:a:wwbn:avideo:14.4:::::::*
Summary		(es) Existe una lista negra incompleta en la muestra .htaccess de WWBN AVideo 14.4 y el commit de desarrollo principal 8a8954ff. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de código arbitrario. Un atacante puede solicitar un archivo .phar para activar esta vulnerabilidad.
First Time		Wwbn Wwbn avideo
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2025-2213 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2025-2213 - Exploit, Third Party Advisory

24 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-24 16:15

Updated : 2025-07-29 16:52

NVD link : CVE-2025-48732

Mitre link : CVE-2025-48732

CVE.ORG link : CVE-2025-48732

JSON object : View

Products Affected

wwbn

avideo

CWE

CWE-184

Incomplete List of Disallowed Inputs

{"id": "CVE-2025-48732", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-24T16:15:32.167", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2213", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2213", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-184"}]}], "descriptions": [{"lang": "en", "value": "An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability."}, {"lang": "es", "value": "Existe una lista negra incompleta en la muestra .htaccess de WWBN AVideo 14.4 y el commit de desarrollo principal 8a8954ff. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede solicitar un archivo .phar para activar esta vulnerabilidad."}], "lastModified": "2025-07-29T16:52:21.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wwbn:avideo:14.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6526CF6-ED23-4EBE-829F-90CD3BAA006A"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}