Home > Vulnerability Database > CVE-2025-34442

Mend.io Vulnerability Database

CVE-2025-34442

Good to know:

Date: December 17, 2025

AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains.

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-34442

Url: https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/

Url: https://github.com/WWBN/AVideo/commit/4a53ab2056

Url: https://www.vulncheck.com/advisories/avideo-system-path-disclosure-via-public-api

Url: https://github.com/WWBN/AVideo/commit/dbe3e91c54

Url: https://www.mend.io/vulnerability-database/CVE-2025-34442

Severity Score

7.5

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-34442

Good to know:

Date: December 17, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?