PT-2025-51887 · Avideo · Avideo

Valentin Lobstein · Published 2025-12-17 · Updated 2025-12-21 · CVE-2025-34435

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

AVideo versions prior to 20.1

Description

AVideo versions prior to 20.1 are susceptible to an insecure direct object reference (IDOR) that permits any authenticated user to delete media files owned by other users. The affected endpoint confirms that the caller is authenticated but does not verify ownership of, or editing rights for, the specified video. Because access control is not properly validated, unauthorized file deletion is possible.

Recommendations

Update AVideo to version 20.1 or later.
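
The missing check described above, modelled in PHP as an added example (this is not AVideo's code or its 20.1 patch). The in-memory `$videos` table, the function names and the owner-or-admin rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for a video table (not AVideo's schema).
$videos = [
    101 => ['owner_id' => 1, 'file' => 'alice_talk.mp4'],
    102 => ['owner_id' => 2, 'file' => 'bob_demo.mp4'],
];

/** Hypothetical authorization rule: the owner or an administrator may delete. */
function canEditVideo(array $user, array $video): bool
{
    return $user['is_admin'] === true || $user['id'] === $video['owner_id'];
}

/** Before: checks only that a session exists, then trusts the client-supplied id. */
function deleteVideoVulnerable(?array $user, int $videoId, array &$videos): int
{
    if ($user === null) {
        return 401;                      // authentication is verified...
    }
    unset($videos[$videoId]);            // ...but ownership is never consulted
    return 200;
}

/** After: the object is looked up server-side and the caller's rights are checked. */
function deleteVideoHardened(?array $user, int $videoId, array &$videos): int
{
    if ($user === null) {
        return 401;
    }
    if (!isset($videos[$videoId])) {
        return 404;
    }
    if (!canEditVideo($user, $videos[$videoId])) {
        error_log(sprintf('denied delete: user=%d video=%d', $user['id'], $videoId));
        return 403;                      // authenticated, but not authorized
    }
    unset($videos[$videoId]);
    return 200;
}

$bob = ['id' => 2, 'is_admin' => false]; // low-privileged authenticated user (PR:L)
foreach (['deleteVideoVulnerable', 'deleteVideoHardened'] as $handler) {
    $copy = $videos;                     // fresh copy of the sample table per run
    $status = $handler($bob, 101, $copy);
    printf("%s: HTTP %d, video 101 present: %s\n", $handler, $status, isset($copy[101]) ? 'yes' : 'no');
}
```

The denied-delete log line in the hardened handler is also a useful detection point: repeated 403s from one account across many video ids indicate id enumeration.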

Exploit · Fix · IDOR

Weakness Enumeration

Related Identifiers: CVE-2025-34435

Affected Products: Avideo