CVE 8.7 HIGH

AVideo < 20.0 IDOR Arbitrary File Upload_CVE-2025-34436

December 17, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.

AI Analysis

Insecure direct object reference vulnerability allowing authenticated users to upload files into other users' directories

Basic Information

ID CVE-2025-34436

Source VulnCheck

Published Dec 17, 2025 at 19:50

Affected Product

Vendor World Wide Broadcast Network

Product AVideo

Affected Versions World Wide Broadcast Network AVideo 0

CWE Classification

CWE-639

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor World Wide Broadcast Network

Product AVideo

Version < 20.0

References

{
    "lastseen": "",
    "description": "AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.",
    "published": "2025-12-17T19:50:12.666Z",
    "modified": "2025-12-17T19:50:12.666Z",
    "type": "cve",
    "title": "AVideo < 20.0 IDOR Arbitrary File Upload",
    "source": "VulnCheck",
    "references": "https://github.com/WWBN/AVideo/commit/4a53ab2056\nhttps://github.com/WWBN/AVideo/commit/c279999cbd\nhttps://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-upload",
    "id": "CVE-2025-34436",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "World Wide Broadcast Network AVideo 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AVideo",
    "version": "0",
    "vendor": "World Wide Broadcast Network",
    "ai_description": "Insecure direct object reference vulnerability allowing authenticated users to upload files into other users' directories",
    "ai_severity": "High",
    "ai_vendor": "World Wide Broadcast Network",
    "ai_product": "AVideo",
    "ai_version": "< 20.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply