CVE-2025-34440
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-19
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wwbn | avideo | up to 20.0 (excluding 20.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34440 is an open redirect vulnerability in AVideo versions prior to 20.0. It occurs because the 'siteRedirectUri' parameter used during user registration is not properly validated. This allows attackers to redirect users to external, potentially malicious websites, which can be exploited to facilitate phishing attacks. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to redirect users of the AVideo platform to malicious external websites. This can lead to phishing attacks where users might be tricked into providing sensitive information or downloading malware, potentially compromising user security and trust. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the user registration endpoint of AVideo versions prior to 20.0 and checking for the presence and values of the 'siteRedirectUri' parameter. Look for requests where 'siteRedirectUri' contains external URLs that redirect users outside the trusted domain. Commands such as using curl or wget to test the registration URL with various 'siteRedirectUri' values can help detect the vulnerability. For example: curl -v 'https://your-avideo-site/signup?siteRedirectUri=https://malicious-site.com' and observe if the response redirects to the external URL. Additionally, reviewing web server logs for suspicious redirect parameters can help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade AVideo to version 20.0 or later where the issue is fixed. The patch includes validation and sanitization of the 'redirectUri' parameter to ensure only safe, internal URLs are allowed. If upgrading is not immediately possible, implement input validation on the 'siteRedirectUri' parameter to restrict redirects to trusted internal URLs only. Avoid using user-supplied redirect URLs without validation. Additionally, monitor and block suspicious redirect attempts at the web application firewall or reverse proxy level. [2]
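As an added example (not AVideo's code and not taken from the resources cited above), the following Python implements the two practical points of the detection and mitigation answers: an allow-list check for a redirect target that rejects the usual open-redirect tricks (absolute URLs on other hosts, protocol-relative `//host` forms, backslash variants, scheme-only forms and `user@host` confusion), and a scan of constructed access-log lines for `siteRedirectUri` values that would send a user off-site. The trusted host name, the log format and the endpoint path are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Assumed: the host names this deployment serves (constructed for the example).
TRUSTED_HOSTS = {"videos.example.org"}


def is_safe_redirect(target: str, trusted_hosts=frozenset(TRUSTED_HOSTS)) -> bool:
    """Allow only a same-site relative path or an http(s) URL on a trusted host."""
    if not target:
        return False
    t = unquote(target).strip()
    # Browsers treat backslashes like slashes, so normalise before parsing.
    t = t.replace("\\", "/")
    # Protocol-relative targets (//host/...) would leave the site; reject them.
    if t.startswith("//"):
        return False
    parts = urlsplit(t)
    if not parts.scheme and not parts.netloc:
        # Relative target: must be an absolute path on this site.
        return t.startswith("/")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc.
    # hostname strips any user@ prefix, so "trusted@evil" resolves to "evil".
    host = (parts.hostname or "").lower()
    return host in trusted_hosts


def flag_suspicious_requests(log_lines):
    """Return (line, value) pairs whose siteRedirectUri would leave the trusted site."""
    flagged = []
    for line in log_lines:
        # Assumes combined-format access logs; pull the request target from the quoted request.
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query).get("siteRedirectUri", []):
            if not is_safe_redirect(value):
                flagged.append((line, value))
    return flagged


# Constructed sample log lines: one safe relative target, two off-site targets, one trusted host.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Dec/2025:10:00:01 +0000] "GET /signup?siteRedirectUri=%2Fvideo%2F42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/Dec/2025:10:00:02 +0000] "GET /signup?siteRedirectUri=https%3A%2F%2Fmalicious-site.example HTTP/1.1" 302 0',
    '203.0.113.9 - - [17/Dec/2025:10:00:03 +0000] "GET /signup?siteRedirectUri=%2F%2Fmalicious-site.example HTTP/1.1" 302 0',
    '203.0.113.11 - - [17/Dec/2025:10:00:04 +0000] "GET /signup?siteRedirectUri=https%3A%2F%2Fvideos.example.org%2Fwatch HTTP/1.1" 302 0',
]
```

Running `flag_suspicious_requests(SAMPLE_LOG)` flags only the two off-site lines; the same `is_safe_redirect` check is what a server-side fix would apply before issuing the redirect.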
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this open redirect vulnerability in AVideo affects compliance with common standards and regulations such as GDPR or HIPAA.