CVE-2025-25214

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-25214
Type cve
Published 2025-07-24T15:10:58.938Z
Modified 2025-07-24T15:32:53.555Z

Product Information

Vendor WWBN
Product AVideo
Version 14.4

CVSS Information

Base Score 8.8 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • WWBN AVideo 14.4
  • WWBN AVideo dev master commit 8a8954ff

Additional Information

CWE List CWE-362
Source talos

Description

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.