{“lastseen”:””,”description”:”AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.”,”published”:”2025-12-17T19:48:39.489Z”,”modified”:”2025-12-17T19:48:39.489Z”,”type”:”cve”,”title”:”AVideo \\u003c 20.0 System Path Disclosure via Public API”,”source”:”VulnCheck”,”references”:”https:\/\/github.com\/WWBN\/AVideo\/commit\/4a53ab2056\\nhttps:\/\/github.com\/WWBN\/AVideo\/commit\/dbe3e91c54\\nhttps:\/\/www.vulncheck.com\/advisories\/avideo-system-path-disclosure-via-public-api”,”id”:”CVE-2025-34442″,”bulletinFamily”:””,”cwe”:[“CWE-497″],”cvelist”:null,”sourceData”:”World Wide Broadcast Network AVideo 0″,”sourceHref”:””,”cvss”:{“score”:6.9,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”AVideo”,”version”:”0″,”vendor”:”World Wide Broadcast Network”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,48,12,21,13,7,11,5],"class_list":["post-31605","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-69","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n