← voltar
CVE-2025-34435

AVideo < 20.1 IDOR Arbitrary File Deletion

CVSS 8.7 HIGHEPSS 0.3%CWE-639
AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
World Wide Broadcast Network · AVideo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/https://github.com/WWBN/AVideo/commit/275a54268bhttps://github.com/WWBN/AVideo/commit/4a53ab2056https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-deletion