CVE-2025-34440

MEDIUM

Wwbn Avideo < 20.0 - Open Redirect

Title source: rule

Description

AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.

References (4)

[Patch] https://github.com/WWBN/AVideo/commit/4a53ab2056

[Patch] https://github.com/WWBN/AVideo/commit/77c70019b0

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/avideo-open-redirect-via-siteredirecturi-parameter

[Various Sources] https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

Scores

CVSS v3 6.1

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

wwbn/avideo < 20.0

Published Dec 17, 2025

Tracked Since Feb 18, 2026