CNNVD-202512-3233 Information
CNNVD ID
CNNVD-202512-3233
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 20.0之前版本存在输入验证错误漏洞,该漏洞源于用户登录期间缺少对cancelUri参数的验证,可能导致开放重定向和钓鱼攻击。
Description (English)
AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. Prior to AVideo 20.0, there was an input validation error loophole, which resulted from the lack of validation of the cacelUri parameters during user login, which could lead to open redirection and fishing attacks.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
World Wide Broadcast Network
Published
2025-12-17
Last Modified
2026-02-24
References
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://www.vulncheck.com/advisories/avideo-open-redirect-via-canceluri-parameter https://github.com/WWBN/AVideo/commit/88bc40427b https://github.com/WWBN/AVideo/commit/4a53ab2056 https://access.redhat.com/security/cve/cve-2025-34439
Patch
https://github.com/WWBN/AVideo
Share on: