exploitDog

CVE-2025-34442

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*

Версия до 20.0 (исключая)

EPSS

Процентиль: 97%

0.43202

Средний

7.5 High

CVSS3

Дефекты

CWE-497

Связанные уязвимости

GHSA-9jhw-7r2c-h2mf

CVSS3: 7.5

github

3 месяца назад

AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

EPSS

Процентиль: 97%

0.43202

Средний

7.5 High

CVSS3

Дефекты

CWE-497