Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025
AVideo < 20.1 Open Redirect via cancelUri Parameter
CVE-2025-34439
Description
AVideo versions prior to 20.1 are vulnerable to an open redirect flaw due to missing validation of the cancelUri parameter during user login. An attacker can craft a link to redirect users to arbitrary external sites, enabling phishing attacks.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/WWBN/AVideo/commit/88bc40427bmitrepatch
- chocapikk.com/posts/2025/avideo-security-vulnerabilities/mitretechnical-descriptionexploit
- www.vulncheck.com/advisories/avideo-open-redirect-via-canceluri-parametermitrethird-party-advisory
- github.com/WWBN/AVideo/commit/4a53ab2056mitrerelease-notes
News mentions
0No linked articles in our index yet.