PT-2025-45522 · Calibre
Published 2025-11-07 · Updated 2025-11-11
CVE-2025-64486
CVSS v4.0
9.3
Critical
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
calibre versions 8.13.0 and prior
Description
calibre is an e-book manager. Versions 8.13.0 and earlier do not validate filenames when handling binary assets within FB2 (FictionBook) files. In FB2, embedded assets such as cover and inline images are carried as <binary id="..."> elements whose body is base64-encoded data, and the id attribute is the name under which the asset is stored when the book is processed. Because that attacker-controlled id was not checked as a safe filename, a crafted FictionBook file can direct the write to an arbitrary location on the filesystem when the file is viewed or converted, potentially leading to arbitrary code execution. The CVSS vector reflects the preconditions: the attack is local (AV:L) and requires the victim to open or convert the malicious file (UI:P); no privileges are needed (PR:N).
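The following is an added illustration of the weakness class described above, not calibre's own code and not a reproduction of its FB2 pipeline. It parses a constructed FB2 fragment, shows the weak pattern (the binary id used as an output path unchecked) next to a hardened check that only accepts a single plain path component and re-verifies that the resolved destination stays under the output directory. The sample document, the asset ids and the function names are assumptions made for the example.

```python
import base64
import os
import posixpath
import xml.etree.ElementTree as ET
from typing import Iterator, List, Optional, Tuple

# Constructed sample FB2 document (assumption: not from calibre or any real book).
# FB2 stores embedded images as <binary id="..."> elements with base64 bodies.
# The second element carries a path-traversal attempt in its id.
SAMPLE_FB2 = """<FictionBook xmlns="http://www.gribuser.ru/xml/fictionbook/2.0">
  <body><section><p>sample</p></section></body>
  <binary id="cover.png" content-type="image/png">iVBORw0KGgo=</binary>
  <binary id="../../evil.txt" content-type="text/plain">aGVsbG8=</binary>
</FictionBook>
"""

FB2_NS = "{http://www.gribuser.ru/xml/fictionbook/2.0}"


def iter_binaries(fb2_xml: str) -> Iterator[Tuple[str, bytes]]:
    """Yield (id, decoded bytes) for every <binary> element in the document."""
    root = ET.fromstring(fb2_xml)
    for el in root.iter(FB2_NS + "binary"):
        yield el.get("id", ""), base64.b64decode((el.text or "").strip())


def naive_target(outdir: str, asset_id: str) -> str:
    """The weak pattern: the id from the file becomes the output path unchecked."""
    return os.path.normpath(os.path.join(outdir, asset_id))


def is_safe_asset_name(asset_id: str) -> bool:
    """Accept only a single, plain path component (no separators, no traversal)."""
    if not asset_id or asset_id in (".", ".."):
        return False
    if "\x00" in asset_id:
        return False
    # Reject separators of either platform and absolute paths.
    if "/" in asset_id or "\\" in asset_id:
        return False
    if os.path.isabs(asset_id) or posixpath.isabs(asset_id):
        return False
    return True


def resolve_output_path(outdir: str, asset_id: str) -> Optional[str]:
    """Hardened join: return the destination path, or None if the id is rejected."""
    if not is_safe_asset_name(asset_id):
        return None
    base = os.path.realpath(outdir)
    target = os.path.realpath(os.path.join(base, asset_id))
    # Belt and braces: the resolved target must still sit under outdir.
    try:
        if os.path.commonpath([base, target]) != base:
            return None
    except ValueError:  # different drives on Windows
        return None
    return target


def extract_binaries(fb2_xml: str, outdir: str, write: bool = True) -> Tuple[List[str], List[str]]:
    """Extract assets with the hardened check; return (written names, rejected ids)."""
    written, rejected = [], []
    for asset_id, data in iter_binaries(fb2_xml):
        dest = resolve_output_path(outdir, asset_id)
        if dest is None:
            rejected.append(asset_id)
            continue
        if write:
            os.makedirs(outdir, exist_ok=True)
            with open(dest, "wb") as fh:
                fh.write(data)
        written.append(os.path.basename(dest))
    return written, rejected


if __name__ == "__main__":
    out = "/tmp/fb2_out"
    for asset_id, _ in iter_binaries(SAMPLE_FB2):
        print(f"{asset_id!r}: naive -> {naive_target(out, asset_id)}, "
              f"hardened -> {resolve_output_path(out, asset_id)}")
    print(extract_binaries(SAMPLE_FB2, out, write=False))
```

Rejecting the id outright, rather than stripping it down to a basename, is the safer choice for a document converter: a traversal attempt in an asset id is a sign of a hostile file, and silently renaming the asset can break references from the book body while hiding the signal.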
Recommendations
Update to calibre version 8.14.0 or later.
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Calibre