CNNVD-202512-3342 Information

CNNVD ID

CNNVD-202512-3342

CVE-2025-34452

  • CNNVD Published: 2025-12-18

Description (Chinese)

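Streama is a self-hosted streaming media server. Streama versions 1.10.0 through 1.10.5 and versions prior to b7c8767 contain a code issue vulnerability, which stems from path traversal and server-side request forgery in the subtitle download function and may lead to remote code execution.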

Description (English)

Streama is a self-hosted streaming media server. A code issue vulnerability exists in Streama versions 1.10.0 through 1.10.5 and in versions prior to b7c8767. It stems from path traversal and server-side request forgery in the subtitle download function, and may result in remote code execution.

Hazard Level

High

Vulnerability Type

Code issue

Published

2025-12-18

Last Modified

2026-02-24

References

  • https://chocapikk.com/posts/2025/streama-path-traversal-ssrf/
  • https://github.com/streamaserver/streama/commit/b7c8767
  • https://www.vulncheck.com/advisories/streama-subtitle-download-path-traversal-and-ssrf-leading-to-arbitrary-file-write

Patch

https://github.com/streamaserver/streama/releases
