Bottinelli

**Name of the Vulnerable Software and Affected Versions** Vedo Suite version 2024.17 **Description** A local file inclusion vulnerability exists in Vedo Suite version 2024.17. This issue allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized `readfile()` function call within the `/api vedo/video/preview` API endpoint. **Recommendations** As a temporary workaround, consider restricting access to the `/api vedo/video/preview` API endpoint until a fix is available.