PT-2025-51875 · Avideo · Avideo
Valentin Lobstein
·
Published
2025-12-17
·
Updated
2025-12-21
·
CVE-2025-34442
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AVideo versions prior to 20.1
Description
AVideo versions prior to 20.1 disclose absolute filesystem paths through multiple public API endpoints. The returned metadata includes full server paths to media files, revealing the underlying filesystem structure and potentially enabling more effective attack chains.
Recommendations
Update AVideo to version 20.1 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avideo