ГлавнаяУязвимости → CVE-2025-34442
7.5высокая

CVE-2025-34442

Описание

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Затрагиваемое ПО
Wwbn Avideo
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/https://github.com/WWBN/AVideo/commit/4a53ab2056https://github.com/WWBN/AVideo/commit/dbe3e91c54https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api