CVE-2025-34442

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-34442
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34442.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-34442
Published
2025-12-17T20:15:54.823Z
Modified
2026-03-15T14:55:05.752956Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

References

Affected packages

Git / github.com/wwbn/avideo

Affected ranges

Type
GIT
Repo
https://github.com/wwbn/avideo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
4a53ab2056
Type
GIT
Repo
https://github.com/wwbn/avideo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
dbe3e91c54

Affected versions

10.*
10.4
10.8
Other
11
11.*
11.1
11.1.1
11.5
11.6
12.*
12.4
14.*
14.3
14.3.1
14.4
18.*
18.0
2.*
2.2
2.4
2.7
3.*
3.4
3.4.1
4.*
4.0
4.0.1
4.0.2
5.*
5.0
6.*
6.5
7.*
7.2
7.3
7.4
7.5
7.6
7.7
7.8
8.*
8.1
8.5
8.6
8.7
8.9
8.9.1

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "20.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34442.json"