CVE-2025-34440

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-34440
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34440.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34440
Published
2025-12-17T20:15:54.557Z
Modified
2026-03-14T15:05:08.209366Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.

References

Affected packages

Git / github.com/wwbn/avideo

Affected ranges

Type
GIT
Repo
https://github.com/wwbn/avideo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4a53ab2056
Type
GIT
Repo
https://github.com/wwbn/avideo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
77c70019b0

Affected versions

10.*
10.4
10.8
Other
11
11.*
11.1
11.1.1
11.5
11.6
12.*
12.4
14.*
14.3
14.3.1
14.4
18.*
18.0
2.*
2.2
2.4
2.7
3.*
3.4
3.4.1
4.*
4.0
4.0.1
4.0.2
5.*
5.0
6.*
6.5
7.*
7.2
7.3
7.4
7.5
7.6
7.7
7.8
8.*
8.1
8.5
8.6
8.7
8.9
8.9.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "20.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34440.json"