Back to search
CVE-2025-34441
Published: Dec 17, 2025
Modified: May 14, 2026
PUBLISHED
Description
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.
| Vendor | Product | Versions |
|---|---|---|
World Wide Broadcast Network | AVideo | affected 0 - < 20.1 |
Weaknesses (CWE)
References
https://github.com/WWBN/AVideo/commit/4a53ab2056
release-notes
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
technical-description
exploit
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now