Back to search
CVE-2025-34435
Published: Dec 17, 2025
Modified: May 14, 2026
PUBLISHED
Description
AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.
| Vendor | Product | Versions |
|---|---|---|
World Wide Broadcast Network | AVideo | affected 0 - < 20.1 |
Weaknesses (CWE)
References
https://github.com/WWBN/AVideo/commit/4a53ab2056
release-notes
https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-deletion
third-party-advisory
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
technical-description
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now