How severe is CVE-2025-34441?

CVE-2025-34441 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-34441

Name: avideo
Author: wwbn

7.5HIGH

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabli

Publicado: 12/17/2025Actualizado: 12/19/2025

Descripción

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

Análisis IAImpulsado por IA

Productos Afectados

wwbnavideo

Referencias

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
https://github.com/WWBN/AVideo/commit/1416c517e2
Patch
https://github.com/WWBN/AVideo/commit/4a53ab2056
Patch
https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api
Third Party Advisory