CVE 8.7 HIGH

AVideo < 20.0 IDOR Arbitrary Comment Image Upload_CVE-2025-34437

December 17, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

AVideo versions prior to 20.0 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects.

AI Analysis

Arbitrary comment image upload vulnerability in AVideo prior to version 20.0, allowing authenticated users to upload images to videos owned by other users.

Basic Information

ID CVE-2025-34437

Source VulnCheck

Published Dec 17, 2025 at 19:50

Affected Product

Vendor World Wide Broadcast Network

Product AVideo

Affected Versions World Wide Broadcast Network AVideo 0

CWE Classification

CWE-639

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor World Wide Broadcast Network

Product AVideo

Version < 20.0

References

{
    "lastseen": "",
    "description": "AVideo versions prior to 20.0 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects.",
    "published": "2025-12-17T19:50:45.499Z",
    "modified": "2025-12-17T19:50:45.499Z",
    "type": "cve",
    "title": "AVideo < 20.0 IDOR Arbitrary Comment Image Upload",
    "source": "VulnCheck",
    "references": "https://github.com/WWBN/AVideo/commit/4a53ab2056\nhttps://github.com/WWBN/AVideo/commit/d411f91805\nhttps://www.vulncheck.com/advisories/avideo-idor-arbitrary-comment-image-upload",
    "id": "CVE-2025-34437",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "World Wide Broadcast Network AVideo 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AVideo",
    "version": "0",
    "vendor": "World Wide Broadcast Network",
    "ai_description": "Arbitrary comment image upload vulnerability in AVideo prior to version 20.0, allowing authenticated users to upload images to videos owned by other users.",
    "ai_severity": "High",
    "ai_vendor": "World Wide Broadcast Network",
    "ai_product": "AVideo",
    "ai_version": "< 20.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply