CNNVD-202512-3235 Information

Dec 17, 2025 cve

CNNVD ID

CNNVD-202512-3235

CVE-2025-34440

CNNVD Published: 2025-12-17

Description (Chinese)

AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 20.0之前版本存在输入验证错误漏洞，该漏洞源于用户注册期间对siteRedirectUri参数验证不足，可能导致开放重定向和钓鱼攻击。

Description (English)

AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. Prior to AVideo 20.0, there was an input validation error loophole, which stemmed from insufficient validation of the siteRedirectUri parameters during the user registration period, which could lead to open redirection and fishing attacks.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

World Wide Broadcast Network

Published

2025-12-17

Last Modified

2026-02-24

References

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://www.vulncheck.com/advisories/avideo-open-redirect-via-siteredirecturi-parameter https://github.com/WWBN/AVideo/commit/77c70019b0 https://github.com/WWBN/AVideo/commit/4a53ab2056

Share on: