CVE-2025-34440

Sažetak

AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.

Reference

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/
https://github.com/WWBN/AVideo/commit/4a53ab2056
https://github.com/WWBN/AVideo/commit/77c70019b0
https://www.vulncheck.com/advisories/avideo-open-redirect-via-siteredirecturi-parameter

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

19-12-2025 - 19:15

Objavljeno

17-12-2025 - 20:15