Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-34442 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in Wide Broadcast Network Avideo

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources

Severity

6.9MEDIUMNVD

EPSS

47.5%

top 2.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

World Wide Broadcast Network Avideo Wwbn Avideo

Timeline

PublishedDec 17

Description

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDwwbn/avideo< 20.0

▶CVEListV5world_wide_broadcast_network/avideo< 20.1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9jhw-7r2c-h2mf: AVideo versions prior to 20↗2025-12-17

▶

💥Exploits & PoCs

Metasploit

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery↗

▶