CVE-2025-34434

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.0

Description The AVideo software, when used with the ImageGallery plugin enabled, has a security issue. Unauthenticated attackers can upload or delete images associated with any video due to missing authentication checks and lack of ownership validation in the plugin’s image gallery management endpoints. The affected plugin endpoints do not verify if a user is authorized to perform file operations.

Recommendations Update AVideo to version 20.0 or later.