CVE-2025-34439

Published: Dec 17, 2025

Modified: May 14, 2026

PUBLISHED

Description

AVideo versions prior to 20.1 are vulnerable to an open redirect flaw due to missing validation of the cancelUri parameter during user login. An attacker can craft a link to redirect users to arbitrary external sites, enabling phishing attacks.

Vendor	Product	Versions
World Wide Broadcast Network	AVideo	affected `0 - < 20.1`

Weaknesses (CWE)

CWE-601

References

https://github.com/WWBN/AVideo/commit/4a53ab2056

release-notes

https://github.com/WWBN/AVideo/commit/88bc40427b

patch

https://www.vulncheck.com/advisories/avideo-open-redirect-via-canceluri-parameter

third-party-advisory

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-34439

Description

Affected Products

Weaknesses (CWE)

References