We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-43703



Description

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.

Reserved 2025-04-16 | Published 2025-04-16 | Updated 2025-04-17 | Assigner mitre


MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-830 Inclusion of Web Functionality from an Untrusted Source

Product status

Default status
unknown

Any version
affected

References

github.com/ankitects/anki/pull/3925

github.com/...mmits/24bca15fd3d9dc386916509eb2d4862d1184e709

cve.org (CVE-2025-43703)

nvd.nist.gov (CVE-2025-43703)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-43703

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.