AVideo Insecure Direct Object Reference Vulnerability Allowing Unauthorized Video Metadata Modification

Vulnerability

A vulnerability exists in AVideo versions prior to 20.0, allowing users with upload permissions to arbitrarily modify the rotation metadata of any video. This insecure direct object reference (IDOR) vulnerability arises because the endpoint checks for upload rights but does not verify ownership or management privileges for the video being edited.
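The gap described above, shown as an added example that is not AVideo's own code: a role-only check beside an object-level check, run over a constructed set of users and videos. Every function name, id and data value here is hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data; all names here are hypothetical, not AVideo's.
const VIDEOS = [
    10 => ['owner_id' => 1, 'rotation' => 0],
    11 => ['owner_id' => 2, 'rotation' => 0],
];
const USERS = [
    1 => ['can_upload' => true,  'is_admin' => false],
    2 => ['can_upload' => true,  'is_admin' => false],
    3 => ['can_upload' => false, 'is_admin' => false],
    9 => ['can_upload' => true,  'is_admin' => true],
];

// Pattern the advisory describes: only the caller's role is checked, so the
// client-supplied video id ($videoId, unused here) is never tied to the caller.
function mayRotateRoleOnly(int $userId, int $videoId): bool
{
    return USERS[$userId]['can_upload'] ?? false;
}

// Object-level check: the caller must also own the video or manage it.
function mayRotate(int $userId, int $videoId): bool
{
    $user  = USERS[$userId] ?? null;
    $video = VIDEOS[$videoId] ?? null;
    if ($user === null || $video === null || !$user['can_upload']) {
        return false; // unknown ids and a missing role fail closed
    }
    return $user['is_admin'] || $video['owner_id'] === $userId;
}

// Authorization matrix: every (user, video) pair under both checks.
foreach (array_keys(USERS) as $uid) {
    foreach (array_keys(VIDEOS) as $vid) {
        printf(
            "user %d -> video %d  role-only=%-5s  object-level=%s\n",
            $uid,
            $vid,
            mayRotateRoleOnly($uid, $vid) ? 'allow' : 'deny',
            mayRotate($uid, $vid) ? 'allow' : 'deny'
        );
    }
}
```

Rows where the two columns disagree are the cross-owner edits that a role-only check lets through; the same matrix works as a regression test for any endpoint that takes an object id from the client.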

Impact

Exploitation of this vulnerability allows for unauthorized modification of video rotation metadata, which could disrupt the intended presentation or usage of the video.

Remediation

Users can upgrade to AVideo version 20.0 or later, where this vulnerability has been addressed.

Added: Dec 17, 2025, 8:29 PM
Updated: Dec 17, 2025, 8:29 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.