CVE-2025-34440
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-17

Last updated on: 2025-12-19

Assigner: VulnCheck

Description
AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-19
Generated
2026-06-16
AI Q&A
2025-12-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34440
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wwbn avideo to 20.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided resources do not specify how this open redirect vulnerability in AVideo affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2025-34440 is an open redirect vulnerability in AVideo versions prior to 20.0. It occurs because the 'siteRedirectUri' parameter used during user registration is not properly validated. This allows attackers to redirect users to external, potentially malicious websites, which can be exploited to facilitate phishing attacks. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to redirect users of the AVideo platform to malicious external websites. This can lead to phishing attacks where users might be tricked into providing sensitive information or downloading malware, potentially compromising user security and trust. [1]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the user registration endpoint of AVideo versions prior to 20.0 and checking for the presence and values of the 'siteRedirectUri' parameter. Look for requests where 'siteRedirectUri' contains external URLs that redirect users outside the trusted domain. Commands such as using curl or wget to test the registration URL with various 'siteRedirectUri' values can help detect the vulnerability. For example: curl -v 'https://your-avideo-site/signup?siteRedirectUri=https://malicious-site.com' and observe if the response redirects to the external URL. Additionally, reviewing web server logs for suspicious redirect parameters can help identify exploitation attempts. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, upgrade AVideo to version 20.0 or later where the issue is fixed. The patch includes validation and sanitization of the 'redirectUri' parameter to ensure only safe, internal URLs are allowed. If upgrading is not immediately possible, implement input validation on the 'siteRedirectUri' parameter to restrict redirects to trusted internal URLs only. Avoid using user-supplied redirect URLs without validation. Additionally, monitor and block suspicious redirect attempts at the web application firewall or reverse proxy level. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34440. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart