AVideo < 20.0 IDOR Arbitrary Video Rotation_CVE-2025-34438

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

AVideo versions prior to 20.0 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video.

Basic Information

ID CVE-2025-34438

Source VulnCheck

Published Dec 17, 2025 at 19:51

Affected Product

Vendor World Wide Broadcast Network

Product AVideo

Affected Versions World Wide Broadcast Network AVideo 0

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "AVideo versions prior to 20.0 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video.",
    "published": "2025-12-17T19:51:06.369Z",
    "modified": "2025-12-17T19:51:06.369Z",
    "type": "cve",
    "title": "AVideo < 20.0 IDOR Arbitrary Video Rotation",
    "source": "VulnCheck",
    "references": "https://github.com/WWBN/AVideo/commit/4a53ab2056\nhttps://github.com/WWBN/AVideo/commit/c2feaf25cb\nhttps://www.vulncheck.com/advisories/avideo-idor-arbirary-video-rotation",
    "id": "CVE-2025-34438",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "World Wide Broadcast Network AVideo 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AVideo",
    "version": "0",
    "vendor": "World Wide Broadcast Network",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}