CVE-2025-25214
published 2025-07-24CVE-2025-25214: A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of…
PriorityP348high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
EPSS
0.97%
57.6th percentile
A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_bind_9.16.15-1_on_cbl_mariner_1.0 | — | — |
| wwbn | avideo | — | — |
| wwbn | avideo | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pj98-r854-3m4h: A race condition vulnerability exists in the aVideoEncoder
ghsa_unreviewed·2025-07-24
CVE-2025-25214 [HIGH] CWE-362 GHSA-pj98-r854-3m4h: A race condition vulnerability exists in the aVideoEncoder
A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.
Microsoft
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
vendor_msrc·2021-04-13·CVSS 6.5
CVE-2021-25214 [MEDIUM] CWE-617 A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
isc: isc
Customer Action Required: Yes
Remediation: CBL-Mariner Rele
No detection rules found.
No public exploits indexed.
Talos
WWBN, MedDream, Eclipse vulnerabilities
blogs_talos·2025-08-06·CVSS 8.8
[HIGH] WWBN, MedDream, Eclipse vulnerabilities
## WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy .
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website .
## WWBN XSS, race condition, incomplete blacklist vulnerabilities
Discovered by Claudio Bozzato of Cisco Talos.
WWBN AVideo is a video streaming platform with hosting, management, and video monetizat
Talos
WWBN, MedDream, Eclipse vulnerabilities
blogs_talos·2025-08-06·CVSS 8.8
[HIGH] WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## WWBN XSS, race condition, incomplete blacklist vulnerabilities
Discovered by Claudio Bozzato of Cisco Talos.
WWBN AVideo is a video streaming platform with hosting, management, and video monetization features.
Talos found five cross-site scri
2025-07-24
Published