CVE-2025-34441

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1

Description AVideo versions prior to 20.1 have an issue where sensitive user information is exposed through an unauthenticated public API endpoint. The responses from this endpoint include emails, usernames, administrative status, and last login times, which could allow for user enumeration and privacy violations. The affected API endpoint allows access to this information without requiring authentication.

Recommendations Update AVideo to version 20.1 or later.