CVE-2025-43703

Medium CVSS: 6.1

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.

Vendor

Ankitects

Product

Anki

CWE

CWE-830

Yayın Tarihi

2025-04-16 22:15:15

Güncelleme

2025-10-09 14:56:21

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-830 Anki MEDIUM Ankitects 2025

Referanslar

https://github.com/ankitects/anki/pull/3925 https://github.com/ankitects/anki/pull/3925/commits/24bca15fd3d9dc386916509eb2d4862d1184e709

Benzer Kayıtlar

Low

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations o…

Medium

CVE-2025-62185

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, a…

Medium

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio b…