Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 IDOR Arbitrary Comment Image Upload

CVE-2025-34437

Description

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects.

Affected products

WWBN/AvideoOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WWBN/AVideo/commit/d411f91805mitrepatch
chocapikk.com/posts/2025/avideo-security-vulnerabilities/mitretechnical-descriptionexploit
www.vulncheck.com/advisories/avideo-idor-arbitrary-comment-image-uploadmitrethird-party-advisory
github.com/WWBN/AVideo/commit/4a53ab2056mitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000