What is the CVSS score of CVE-2020-37172?

CVE-2020-37172 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Avideo are affected by CVE-2020-37172?

Organizations using AVideo Platform 8.1 should be aware of moderate risk from CVE-2020-37172 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2020-37172?

Yes, a public proof-of-concept exploit is available for CVE-2020-37172. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37172?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Avideo CVE-2020-37172

MEDIUM

Weak Password Recovery Mechanism for Forgotten Password (CWE-640)

2026-02-11 disclosure@vulncheck.com

CSRF Avideo

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 18, 2026 - 19:37 vuln.today

Public exploit code

CVE Published

Feb 11, 2026 - 21:16 nvd

MEDIUM 5.3

DescriptionNVD

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

AnalysisAI

Avideo versions up to 8.1 is affected by weak password recovery mechanism for forgotten password (CVSS 5.3).

Technical ContextAI

This vulnerability (CWE-640: Weak Password Recovery Mechanism for Forgotten Password) affects Avideo. AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-37172 vulnerability details – vuln.today

Back

Avideo CVE-2020-37172

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code