CVE-2025-62187
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ankitects | Anki | 0 < 25.02.6 | affected |
Weaknesses
- CWE-23: CWE-23 Relative Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/ankitects/anki/releases/tag/25.02.6
- https://github.com/ankitects/anki/pull/4041
- https://github.com/ankitects/anki/pull/4041/commits/51476e05b281737a0c2924342bccdb6e5be52ea9
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.