CNNVD-202512-3237 Information
CNNVD ID
CNNVD-202512-3237
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 20.0之前版本存在安全漏洞,该漏洞源于上传功能缺少所有权检查,可能导致经过身份验证的用户向其他用户的目录上传文件。
Description (English)
AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. There was a security loophole in the previous version of AVideo 20.0, which stemmed from the lack of ownership checks for uploading functions, which could lead to the uploading of files to other users ’ directories by an authentication user.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
World Wide Broadcast Network
Published
2025-12-17
Last Modified
2026-02-24
References
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://github.com/WWBN/AVideo/commit/c279999cbd https://www.vulncheck.com/advisories/avideo-idor-arbitrary-file-upload https://github.com/WWBN/AVideo/commit/4a53ab2056 https://access.redhat.com/security/cve/cve-2025-34436
Patch
https://github.com/WWBN/AVideo
Share on: