CVE 8.7 HIGH

AVideo < 20.0 IDOR Arbitrary File Deletion_CVE-2025-34435

December 17, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

AVideo versions prior to 20.0 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.

AI Analysis

Insecure direct object reference vulnerability allowing authenticated users to delete media files belonging to other users

Basic Information

ID CVE-2025-34435

Source VulnCheck

Published Dec 17, 2025 at 19:50

Affected Product

Vendor World Wide Broadcast Network

Product AVideo

Affected Versions World Wide Broadcast Network AVideo 0

CWE Classification

CWE-639

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor World Wide Broadcast Network

Product AVideo

Version < 20.0

References

{
    "lastseen": "",
    "description": "AVideo versions prior to 20.0 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.",
    "published": "2025-12-17T19:50:30.354Z",
    "modified": "2025-12-17T19:50:30.354Z",
    "type": "cve",
    "title": "AVideo < 20.0 IDOR Arbitrary File Deletion",
    "source": "VulnCheck",
    "references": "https://github.com/WWBN/AVideo/commit/4a53ab2056\nhttps://github.com/WWBN/AVideo/commit/275a54268b\nhttps://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-deletion",
    "id": "CVE-2025-34435",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "World Wide Broadcast Network AVideo 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AVideo",
    "version": "0",
    "vendor": "World Wide Broadcast Network",
    "ai_description": "Insecure direct object reference vulnerability allowing authenticated users to delete media files belonging to other users",
    "ai_severity": "High",
    "ai_vendor": "World Wide Broadcast Network",
    "ai_product": "AVideo",
    "ai_version": "< 20.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply