CVE-2025-25214 | THREATINT

Description

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.

PUBLISHED Reserved 2025-07-09 | Published 2025-07-24 | Updated 2025-11-03 | Assigner talos

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Product status

14.4

affected

dev master commit 8a8954ff

affected

Credits

Discovered by Claudio Bozzato of Cisco Talos.

References

www.talosintelligence.com/...ability_reports/TALOS-2025-2212

talosintelligence.com/vulnerability_reports/TALOS-2025-2212

cve.org (CVE-2025-25214)

nvd.nist.gov (CVE-2025-25214)

Download JSON