Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 User Information Disclosure via Public API

CVE-2025-34441

Description

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

Affected products

WWBN/AvideoOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WWBN/AVideo/commit/1416c517e2mitrepatch
chocapikk.com/posts/2025/avideo-security-vulnerabilities/mitretechnical-descriptionexploit
www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-apimitrethird-party-advisory
github.com/WWBN/AVideo/commit/4a53ab2056mitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.033
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000