CVE Daily

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows ...

Medium CVSS 6.5

Overview

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.

CWE: CWE-98 Published: 2025-08-06T21:15:30.417
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.5 (MEDIUM)
  • Detected tags: lfi (tag impact: MODERATE)

Recommended actions:

  • Normalize paths, use allowlists; block user-controlled file paths.

Recommended tools

Tags