CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
Configurations

No configuration.

History

07 Aug 2025, 14:15

Type Values Removed Values Added
CWE CWE-98
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References () https://github.com/jacopoaugelli/vedo-suite-exploits - () https://github.com/jacopoaugelli/vedo-suite-exploits -
Summary
  • (es) Una vulnerabilidad de inclusión de archivos locales (LFI) en Vedo Suite versión 2024.17 permite a atacantes autenticados remotos leer archivos arbitrarios del sistema de archivos explotando una llamada a la función 'readfile()' sin depurar en '/api_vedo/video/preview'.

06 Aug 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-08-06 21:15

Updated : 2025-08-07 21:26


NVD link : CVE-2025-51057

Mitre link : CVE-2025-51057

CVE.ORG link : CVE-2025-51057


JSON object : View

Products Affected

No product.

CWE
CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')