PT-2025-16910 · Ankitects · Anki

Dae · Published 2025-04-16 · Updated 2025-10-09 · CVE-2025-43703

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Ankitects Anki versions prior to 25.02

Description

The issue allows for attacker-controlled access to the internal API through a crafted shared deck, even without knowledge of an API key. This can be achieved through various methods, including scripts or the SRC attribute of an IMG element.

Recommendations

For versions prior to 25.02, update to a version that includes a complete fix for the issue. As a temporary workaround, consider restricting access to shared decks or disabling the internal API until a patch is available. Avoid using crafted shared decks in the affected Ankitects Anki versions until the issue is resolved.

Related Identifiers

CVE-2025-43703

Affected Products

Anki