CVE-2025-34442

Published: Dec 17, 2025

Modified: May 14, 2026

PUBLISHED

Description

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Vendor	Product	Versions
World Wide Broadcast Network	AVideo	affected `0 - < 20.1`

Weaknesses (CWE)

CWE-497

References

https://github.com/WWBN/AVideo/commit/4a53ab2056

release-notes

https://github.com/WWBN/AVideo/commit/dbe3e91c54

patch

https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api

third-party-advisory

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

technical-description

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-34442

Description

Affected Products

Weaknesses (CWE)

References