← voltar
CVE-2025-34442

AVideo < 20.1 System Path Disclosure via Public API

CVSS 6.9 MEDIUMEPSS 0.7%CWE-497
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
World Wide Broadcast Network · AVideo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/https://github.com/WWBN/AVideo/commit/4a53ab2056https://github.com/WWBN/AVideo/commit/dbe3e91c54https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api