VYPR
Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 ImageGallery Plugin Unauthenticated File Upload and Deletion

CVE-2025-34434

Description

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.