Open Redirect Vulnerability in AVideo by WWBN
CVE-2025-34439

4.8MEDIUM

Key Information:

Vendor

World Wide Broadcast Network

Status
Avideo
Vendor
CVE Published:
17 December 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-34439?

AVideo prior to version 20.0 is susceptible to an open redirect vulnerability due to insufficient validation of the cancelUri parameter during the user login process. This flaw allows attackers to manipulate links, redirecting users to unauthorized external sites, which may facilitate phishing attempts. It is crucial for users and administrators to update to the latest version to mitigate this risk and protect sensitive information.

Affected Version(s)

AVideo 0 < 20.1

References

https://github.com/WWBN/AVideo/commit/4a53ab2056
release-notes
https://github.com/WWBN/AVideo/commit/88bc40427b
patch
https://www.vulncheck.com/advisories/avideo-open-redirect...
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Valentin Lobstein (Chocapikk)
JSON
.