CVE Catalog

CVE-2025-51057

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile - higher than 37% of all known CVEs

Summary

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.

Risk Assessment

The risk involves potential leakage of sensitive data such as configuration files, passwords, or user data, which could lead to further attack escalation and compromise system integrity.

Recommendation

It is recommended to immediately update Vedo Suite to the latest version that includes a fix for the LFI vulnerability and to implement input validation for parameters passed to the 'readfile()' function.

Original NVD description (English source)

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS