VYPR
Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 System Path Disclosure via Public API

CVE-2025-34442

Description

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WWBN/AvideoOSV2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <20.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.