Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-34441 — Exposure of Private Personal Information to an Unauthorized Actor in Wide Broadcast Network Avideo

CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

47.5%

top 2.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

World Wide Broadcast Network Avideo Wwbn Avideo

Timeline

PublishedDec 17

Description

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDwwbn/avideo< 20.0

▶CVEListV5world_wide_broadcast_network/avideo< 20.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9rpf-6v9q-87h5: AVideo versions prior to 20↗2025-12-17

▶

💥Exploits & PoCs

Metasploit

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery↗

▶