CNNVD-202512-3234 Information
CNNVD ID
CNNVD-202512-3234
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 20.0之前版本存在安全漏洞,该漏洞源于端点缺少所有权或管理权限检查,可能导致具有上传权限的用户修改任意视频的旋转元数据。
Description (English)
AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. There was a security loophole in the pre-AVideo 20.0 version, which stemmed from the lack of ownership or management clearance checks at the endpoint, which could lead users with upload permission to modify any video rotation metadata.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
World Wide Broadcast Network
Published
2025-12-17
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/avideo-idor-arbirary-video-rotation https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://github.com/WWBN/AVideo/commit/c2feaf25cb https://github.com/WWBN/AVideo/commit/4a53ab2056 https://access.redhat.com/security/cve/cve-2025-34438
Patch
https://github.com/WWBN/AVideo
Share on: