QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34434

Published: Dec 17, 2025

Modified: May 14, 2026

PUBLISHED

Description

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.

Vendor	Product	Versions
World Wide Broadcast Network	AVideo	affected `0 - < 20.1`

Weaknesses (CWE)

References

https://github.com/WWBN/AVideo/commit/4a53ab2056

release-notes

https://github.com/WWBN/AVideo/commit/c279999cbd

patch

https://www.vulncheck.com/advisories/avideo-imagegallery-plugin-unauthenticated-file-upload-and-deletion

third-party-advisory

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.