Path Disclosure Vulnerability in AVideo by WWBN
CVE-2025-34442

6.9MEDIUM

Key Information:

Vendor: World Wide Broadcast Network
Status: Avideo
Vendor: CVE Published:; 17 December 2025

🔔 Create World Wide Broadcast Network Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 42%

What is CVE-2025-34442?

AVideo versions prior to 20.0 are vulnerable to a path disclosure issue, which occurs through several public API endpoints. This vulnerability exposes absolute filesystem paths in the returned metadata, granting potential attackers insights into the server's underlying filesystem structure. By revealing information about media file locations, the vulnerability could facilitate exploitation or create avenues for further attacks on the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AVideo 0 < 20.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-34442 - Proof of Concept

References

https://github.com/WWBN/AVideo/commit/4a53ab2056

release-notes

https://github.com/WWBN/AVideo/commit/dbe3e91c54

patch

https://www.vulncheck.com/advisories/avideo-system-path-d...

third-party-advisory

EPSS Score

42% chance of being exploited in the next 30 days.

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

🟡
Public PoC available
Dec 17, 2025
👾
Exploit known to exist
Dec 17, 2025
Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Valentin Lobstein (Chocapikk)

JSON

World Wide Broadcast Network