A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
References
Configurations
No configuration.
History
07 Aug 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-98 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
References | () https://github.com/jacopoaugelli/vedo-suite-exploits - | |
Summary |
|
06 Aug 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-08-06 21:15
Updated : 2025-08-07 21:26
NVD link : CVE-2025-51057
Mitre link : CVE-2025-51057
CVE.ORG link : CVE-2025-51057
JSON object : View
Products Affected
No product.
CWE
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')