CVE-2025-62187

LOW EPSS 5.6%
Published Oct 7, 20258mo ago · Modified Jun 17, 20261w ago
3.3 CVSS 3.1
Low
Find Similar
Published Oct 7, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
5.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-23

Affected Products 1

VendorProductVersionRange
ankitectsanki* <25.02.6

References 3

  • github.com https://github.com/ankitects/anki/pull/4041
    Patch
  • github.com https://github.com/ankitects/anki/pull/4041/commits/51476e05b281737a0c2924342bccdb6e5be52ea9
    Patch
  • github.com https://github.com/ankitects/anki/releases/tag/25.02.6
    Release Notes

Remediation

  • github.com https://github.com/ankitects/anki/pull/4041
    Patch
  • github.com https://github.com/ankitects/anki/pull/4041/commits/51476e05b281737a0c2924342bccdb6e5be52ea9
    Patch