Arbitrary Code Execution Vulnerability in WWBN AVideo by WWBN
CVE-2025-48732

7.3 HIGH

Key Information:

Vendor: WWBN

Status
Vendor
CVE Published: 24 July 2025

What is CVE-2025-48732?

The .htaccess sample shipped with WWBN AVideo version 14.4 and dev master commit 8a8954ff relies on an incomplete blacklist. An attacker can send a specially crafted HTTP request that accesses a .phar file and thereby trigger arbitrary code execution. This can lead to unauthorized control over the affected system, posing serious risks to user data and privacy.

Affected Version(s)

AVideo 14.4

AVideo dev master commit 8a8954ff

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Claudio Bozzato of Cisco Talos.