← volver
CVE-2025-34440

AVideo < 20.1 Open Redirect via siteRedirectUri Parameter

CVSS 4.8 MEDIUMEPSS 0.2%CWE-601
AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
World Wide Broadcast Network · AVideo

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/https://github.com/WWBN/AVideo/commit/4a53ab2056https://github.com/WWBN/AVideo/commit/77c70019b0https://www.vulncheck.com/advisories/avideo-open-redirect-via-siteredirecturi-parameter