Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 19, 2025

AVideo < 20.1 System Path Disclosure via Public API

CVE-2025-34442

Description

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Affected products

WWBN/AvideoOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WWBN/AVideo/commit/dbe3e91c54mitrepatch
chocapikk.com/posts/2025/avideo-security-vulnerabilities/mitretechnical-descriptionexploit
www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-apimitrethird-party-advisory
github.com/WWBN/AVideo/commit/4a53ab2056mitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.033
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000