PT-2025-41189 · Anki · Anki
Michael Lappas
·
Published
2025-10-07
·
Updated
2025-10-07
·
CVE-2025-62187
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Anki versions prior to 25.02.6
Description
A flaw exists in Anki that allows crafted sound file references to potentially cause files to be written to arbitrary locations on Windows and Linux systems. This occurs because media file pathnames are not necessarily relative to the media folder.
Recommendations
Update to version 25.02.6 or later.
Fix
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Anki