CVE-2025-34435

Sažetak

AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.

Reference

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
https://github.com/WWBN/AVideo/commit/275a54268b
https://github.com/WWBN/AVideo/commit/4a53ab2056
https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-deletion

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Zadnje važnije ažuriranje

19-12-2025 - 19:15

Objavljeno

17-12-2025 - 20:15