CVE 6.9 MEDIUM

AVideo < 20.0 System Path Disclosure via Public API_CVE-2025-34442

December 17, 2025 invoker category_cve
6.9 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Basic Information

ID CVE-2025-34442
Source VulnCheck
Published Dec 17, 2025 at 19:48

Affected Product

Vendor World Wide Broadcast Network
Product AVideo
Affected Versions World Wide Broadcast Network AVideo 0

CWE Classification

CWE-497

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.