CVE-2025-62186
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-07
Last updated on: 2025-10-10
Assigner: MITRE
Description
Description
Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ankitects | anki | to 25.02.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Ankitects Anki versions before 25.02.5 on Windows allows a crafted shared deck to execute arbitrary commands when playing audio due to improper handling of URL schemes.
How can this vulnerability impact me? :
An attacker could exploit this vulnerability to execute arbitrary commands on your Windows system without your interaction, potentially leading to unauthorized control or compromise of your system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70