Back to search
CVE-2025-34437
Published: Dec 17, 2025
Modified: May 14, 2026
PUBLISHED
Description
AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects.
| Vendor | Product | Versions |
|---|---|---|
World Wide Broadcast Network | AVideo | affected 0 - < 20.1 |
Weaknesses (CWE)
References
https://github.com/WWBN/AVideo/commit/4a53ab2056
release-notes
https://www.vulncheck.com/advisories/avideo-idor-arbitrary-comment-image-upload
third-party-advisory
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
technical-description
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now