CVE-2025-34436

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-34436

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34436.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-34436

Published

2025-12-17T20:15:54.017Z

Modified

2026-03-15T13:45:20.355130Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.

References

Affected packages

Git / github.com/wwbn/avideo

Affected ranges

Type: GIT
Repo: https://github.com/wwbn/avideo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4a53ab2056

Type: GIT
Repo: https://github.com/wwbn/avideo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c279999cbd

Affected versions

10.*

10.4

10.8

Other

11.*

11.1

11.1.1

11.5

11.6

12.*

12.4

14.*

14.3

14.3.1

14.4

18.*

18.0

2.*

2.2

2.4

2.7

3.*

3.4

3.4.1

4.*

4.0

4.0.1

4.0.2

5.*

5.0

6.*

6.5

7.*

7.2

7.3

7.4

7.5

7.6

7.7

7.8

8.*

8.1

8.5

8.6

8.7

8.9

8.9.1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "20.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34436.json"