Volerion logoVolerion
Volerion logoVolerion

AVideo Information Disclosure Vulnerability via Public API

Vulnerability

A vulnerability exists in AVideo versions prior to 20.0, where absolute filesystem paths are disclosed through multiple public API endpoints. This metadata leak includes full server paths to media files, exposing the underlying filesystem structure and potentially aiding in the execution of more effective attack chains.

Impact

The vulnerability allows for the exposure of sensitive system information, specifically absolute filesystem paths, which can be exploited to enhance the effectiveness of attacks against the application or server.

Reproduction

The vulnerability can be reproduced by accessing the public API endpoints of an AVideo installation prior to version 20.0. The API responses will include absolute paths to media files, which can be used to infer the server's filesystem structure.

Remediation

Users can upgrade to AVideo version 20.0 or later, where this vulnerability has been addressed.

Added: Dec 17, 2025, 8:25 PM
Updated: Dec 17, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
0.6
exploitability
8.6
remediation
7.7
relevance
1.5
threat
5.6
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.