Video Publishing Flaw in Opencast by Opencast
CVE-2025-61906

2.3LOW

Key Information:

Vendor

Opencast

Status
Opencast
Vendor
CVE Published:
8 October 2025

What is CVE-2025-61906?

A vulnerability exists in the Opencast platform that allows the editor to publish videos without the user's proper notification. This could unintentionally expose internal media if a user, typically one with write access, clicks 'Save & Publish' and subsequently opts for 'Save'. Although the chances of this leading to real exposure are low, it poses a significant concern for users handling sensitive educational content. The issue has been resolved in the latest versions, 17.8 and 18.2, enhancing user control over video publishing.

Affected Version(s)

opencast < 17.8 < 17.8

opencast >= 18.0, < 18.2 < 18.0, 18.2

References

https://github.com/opencast/opencast/security/advisories/...
x_refsource_CONFIRM
https://github.com/opencast/opencast-editor/issues/1626
x_refsource_MISC
https://github.com/opencast/opencast-editor/commit/98ba19...
x_refsource_MISC

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-61906 : Video Publishing Flaw in Opencast by Opencast