← volver
CVE-2025-34435

AVideo < 20.1 IDOR Arbitrary File Deletion

CVSS 8.7 HIGHEPSS 0.3%CWE-639
AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
World Wide Broadcast Network · AVideo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/https://github.com/WWBN/AVideo/commit/275a54268bhttps://github.com/WWBN/AVideo/commit/4a53ab2056https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-deletion