Open Redirect Vulnerability in AVideo by WWBN
CVE-2025-34440

4.8MEDIUM

Key Information:

Vendor

World Wide Broadcast Network

Status
Avideo
Vendor
CVE Published:
17 December 2025

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-34440?

AVideo versions prior to 20.0 are susceptible to an open redirect vulnerability due to inadequate validation of the siteRedirectUri parameter during user registration. This flaw allows attackers to redirect unsuspecting users to malicious external sites, creating a potential gateway for phishing scams and other nefarious activities. To safeguard users, it is imperative to apply the latest patches that rectify this vulnerability.

Affected Version(s)

AVideo 0 < 20.1

References

https://github.com/WWBN/AVideo/commit/4a53ab2056
release-notes
https://github.com/WWBN/AVideo/commit/77c70019b0
patch
https://www.vulncheck.com/advisories/avideo-open-redirect...
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Valentin Lobstein (Chocapikk)
JSON
.