CNNVD-202512-3774 Information

CNNVD ID

CNNVD-202512-3774

Related CVE

CVE-2025-34433

• CNNVD Published: 2025-12-19

Description (Chinese)

AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 14.3.1版本至20.1之前版本存在安全漏洞，该漏洞源于使用PHP uniqid()生成可预测的安装盐值，可能导致远程代码执行。

Description (English)

AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. There is a security gap between AVideo version 14.3.1 and previous version 20.1, which arises from the use of PHP uniqid() to generate predictable installation salinity values, which may lead to remote code implementation.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

World Wide Broadcast Network

Published

2025-12-19

Last Modified

2026-02-24

References

https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://github.com/WWBN/AVideo/commit/4a53ab2 https://github.com/WWBN/AVideo/commit/a2bdbff https://www.vulncheck.com/advisories/avideo-unauthenticated-rce-via-predictable-installation-salt https://access.redhat.com/security/cve/cve-2025-34433