CVE-2025-34441

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-34441
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34441.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34441
Published
2025-12-17T20:15:54.690Z
Modified
2026-03-14T12:43:36.353027Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

References

Affected packages

Git / github.com/wwbn/avideo

Affected ranges

Type
GIT
Repo
https://github.com/wwbn/avideo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1416c517e2
Type
GIT
Repo
https://github.com/wwbn/avideo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4a53ab2056

Affected versions

10.*
10.4
10.8
Other
11
11.*
11.1
11.1.1
11.5
11.6
12.*
12.4
14.*
14.3
14.3.1
14.4
18.*
18.0
2.*
2.2
2.4
2.7
3.*
3.4
3.4.1
4.*
4.0
4.0.1
4.0.2
5.*
5.0
6.*
6.5
7.*
7.2
7.3
7.4
7.5
7.6
7.7
7.8
8.*
8.1
8.5
8.6
8.7
8.9
8.9.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "20.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "an"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34441.json"