CVE-2025-48732Incomplete List of Disallowed Inputs in Avideo

CWE-184Incomplete List of Disallowed Inputs4 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.2%
top 20.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Wwbn Avideo
Timeline
PublishedJul 24
Latest updateAug 6

Description

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5wwbn/avideodev master commit 8a8954ff
NVDwwbn/avideo14.4

🔴Vulnerability Details

1
GHSA
GHSA-c3rq-2h7j-m68m: An incomplete blacklist exists in the2025-07-24

🕵️Threat Intelligence

2
Talos
WWBN, MedDream, Eclipse vulnerabilities2025-08-06
Talos
WWBN, MedDream, Eclipse vulnerabilities2025-08-06