CVE-2025-62186

Summary

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling.

Affected Software

VendorProductVersion RangeStatus
AnkitectsAnki0 < 25.02.5affected

Weaknesses

  • CWE-829: CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References