CVE-2025-34442

EPSS 43.2%
Veröffentlicht 17.12.2025 19:48:39
Zuletzt bearbeitet 19.12.2025 19:15:51
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wwbn ≫ Avideo Version < 20.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	43.2%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://github.com/WWBN/AVideo/commit/4a53ab2056

Patch

https://github.com/WWBN/AVideo/commit/dbe3e91c54

Patch

https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api

Third Party Advisory

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

https://nvd.nist.gov/vuln/detail/CVE-2025-34442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-34442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-34442

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-34442