CVE-2025-34436

Published: Dec 17, 2025

Modified: May 14, 2026

PUBLISHED

Description

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.

Vendor	Product	Versions
World Wide Broadcast Network	AVideo	affected `0 - < 20.1`

Weaknesses (CWE)

CWE-639

References

https://github.com/WWBN/AVideo/commit/4a53ab2056

release-notes

https://github.com/WWBN/AVideo/commit/c279999cbd

patch

https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-upload

third-party-advisory

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-34436

Description

Affected Products

Weaknesses (CWE)

References