Back to search
CVE-2025-34438
Published: Dec 17, 2025
Modified: May 14, 2026
PUBLISHED
Description
AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video.
| Vendor | Product | Versions |
|---|---|---|
World Wide Broadcast Network | AVideo | affected 0 - < 20.1 |
Weaknesses (CWE)
References
https://github.com/WWBN/AVideo/commit/4a53ab2056
release-notes
https://www.vulncheck.com/advisories/avideo-idor-arbirary-video-rotation
third-party-advisory
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
technical-description
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now