CVE-2025-34436Authorization Bypass Through User-Controlled Key in Wide Broadcast Network Avideo

CWE-639Authorization Bypass Through User-Controlled Key2 documents2 sources
Severity
8.7HIGHNVD
EPSS
0.2%
top 63.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
World Wide Broadcast Network AvideoWwbn Avideo
Timeline
PublishedDec 17

Description

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDwwbn/avideo< 20.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-9p28-mpwc-hjwf: AVideo versions prior to 202025-12-17