VYPR
Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 User Information Disclosure via Public API

CVE-2025-34441

Description

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WWBN/AvideoOSV2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <20.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.