How severe is CVE-2025-34441?

CVE-2025-34441 has a CVSS v3 score of 7.5 (HIGH).

CVE-2025-34441

Name: avideo
Author: wwbn

7.5HIGH

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabli

公開日: 12/17/2025更新日: 12/19/2025

説明

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

AI分析AIによる分析

影響を受ける製品

wwbnavideo

参照

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
https://github.com/WWBN/AVideo/commit/1416c517e2
Patch
https://github.com/WWBN/AVideo/commit/4a53ab2056
Patch
https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api
Third Party Advisory