Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 IDOR Arbitrary Video Rotation

CVE-2025-34438

Description

AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to modify the rotation metadata of any video. The endpoint verifies upload capability but fails to enforce ownership or management rights for the targeted video.

Affected products

WWBN/AvideoOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WWBN/AVideo/commit/c2feaf25cbmitrepatch
chocapikk.com/posts/2025/avideo-security-vulnerabilities/mitretechnical-descriptionexploit
www.vulncheck.com/advisories/avideo-idor-arbirary-video-rotationmitrethird-party-advisory
github.com/WWBN/AVideo/commit/4a53ab2056mitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000