CVE-2025-48732

Summary

An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
WWBNAVideo14.4affected
WWBNAVideodev master commit 8a8954ffaffected

Weaknesses

  • CWE-184: CWE-184: Incomplete Blacklist

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

CVE Program Container

Additional References

References