CVE-2025-51057
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk37th percentile - higher than 37% of all known CVEs
Summary
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.
Risk Assessment
The risk involves potential leakage of sensitive data such as configuration files, passwords, or user data, which could lead to further attack escalation and compromise system integrity.
Recommendation
It is recommended to immediately update Vedo Suite to the latest version that includes a fix for the LFI vulnerability and to implement input validation for parameters passed to the 'readfile()' function.
Original NVD description (English source)
A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'.

