Security Advisory

CVE-2025-34434

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-17 19:49:56
Last updated 2026-06-23 16:13:28
Assigner VulnCheck
State PUBLISHED

Description

AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.