Description

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

PUBLISHED Reserved 2025-07-09 | Published 2025-07-24 | Updated 2025-11-03 | Assigner talos




HIGH: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Problem types

CWE-184: Incomplete Blacklist

Product status

14.4: affected

dev master commit 8a8954ff: affected

Credits

Discovered by Claudio Bozzato of Cisco Talos.

References

talosintelligence.com/vulnerability_reports/TALOS-2025-2213 exploit

www.talosintelligence.com/...ability_reports/TALOS-2025-2213

talosintelligence.com/vulnerability_reports/TALOS-2025-2213

cve.org (CVE-2025-48732)

nvd.nist.gov (CVE-2025-48732)
