CVE-2025-34434 — Missing Authentication for Critical Function in Wide Broadcast Network Avideo

CWE-306 — Missing Authentication for Critical Function2 documents2 sources

Severity

9.3CRITICALNVD

EPSS

0.3%

top 49.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

World Wide Broadcast Network Avideo Wwbn Avideo

Timeline

PublishedDec 17

Description

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDwwbn/avideo< 20.0

▶CVEListV5world_wide_broadcast_network/avideo< 20.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-pjv2-vrgg-p8qv: AVideo versions prior to 20↗2025-12-17

▶