Home

Description

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).

PUBLISHED Reserved 2025-10-07 | Published 2025-10-07 | Updated 2025-10-08 | Assigner mitre




LOW: 2.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-23 Relative Path Traversal

Product status

Default status
unaffected

Any version before 25.02.6
affected

References

github.com/ankitects/anki/releases/tag/25.02.6

github.com/ankitects/anki/pull/4041

github.com/...mmits/51476e05b281737a0c2924342bccdb6e5be52ea9

cve.org (CVE-2025-62187)

nvd.nist.gov (CVE-2025-62187)

Download JSON