CVE-2025-34438 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata o…
Medium CVSS: 5.3

CVE-2025-34438

AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video.
Vendor
Wwbn
Product
Avideo
CWE
CWE-639
Yayın Tarihi
2025-12-17 20:15:54
Güncelleme
2025-12-19 19:15:51
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-639 Avideo MEDIUM Wwbn 2025

Referanslar

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://github.com/WWBN/AVideo/commit/4a53ab2056 https://github.com/WWBN/AVideo/commit/c2feaf25cb https://www.vulncheck.com/advisories/avideo-idor-arbirary-video-rotation