CVE-2025-62185

Medium CVSS: 6.7

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe.

Vendor

Ankitects

Product

Anki

CWE

CWE-427

Yayın Tarihi

2025-10-07 21:15:38

Güncelleme

2025-10-10 16:21:24

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-427 Anki MEDIUM Ankitects 2025

Referanslar

https://github.com/ankitects/anki/commit/5080451829505842b16d4a50f398ad44560a3e48 https://github.com/ankitects/anki/commit/6213c9b6f99ebda181004f8915b92fe3618b939 https://github.com/ankitects/anki/compare/25.02.4...25.02.5

Benzer Kayıtlar

Low

CVE-2025-62187

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations o…

Medium

CVE-2025-62186

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio b…

Medium

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access…