CVE-2025-69618
Unknown Unknown - Not Provided
Arbitrary File Overwrite in Tarot v11.4.0 Enables Code Execution

Publication date: 2026-02-04

Last updated on: 2026-03-13

Assigner: MITRE

Description
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69618
EUVD
EUVD-2025-206818
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coto.world coto 11.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-69618 is an arbitrary file overwrite vulnerability in the file import process of the Tarot, Astro & Healing Android app version 11.4.0 developed by COMMUNITY PLATFORM PTE.LTD.'}, {'type': 'paragraph', 'content': "The vulnerability arises because the app does not properly validate file paths during import, allowing an attacker to use path traversal techniques to overwrite critical internal files within the app's storage."}, {'type': 'paragraph', 'content': 'This flaw can be exploited by a malicious app that sends a specially crafted intent to the vulnerable app, causing it to overwrite sensitive files such as configuration or executable files.'}] [2]

Impact Analysis

Exploitation of this vulnerability can have severe impacts including arbitrary code execution, exposure of sensitive information, denial of service, app malfunction, or failure to launch.

Because the attacker can overwrite internal files, they may inject malicious code or disrupt the normal operation of the app, potentially compromising the device or user data.

The attack requires minimal user interaction and can be triggered automatically when the victim opens the malicious app.

Compliance Impact

I don't know

Detection Guidance

Detection of CVE-2025-69618 involves monitoring for suspicious file import activities in the Tarot, Astro & Healing app (version 11.4.0), especially those that attempt path traversal to overwrite internal files.

One approach is to check for unexpected modifications to sensitive internal files such as /data/data/world.eve.coto/shared_prefs/WebViewChromiumPrefs.xml, which can be overwritten by the exploit.

On a rooted Android device or emulator, you can use commands like:

  • adb shell ls -l /data/data/world.eve.coto/shared_prefs/WebViewChromiumPrefs.xml
  • adb shell stat /data/data/world.eve.coto/shared_prefs/WebViewChromiumPrefs.xml
  • adb shell cat /data/data/world.eve.coto/shared_prefs/WebViewChromiumPrefs.xml

Additionally, monitoring app intents with action ACTION_SEND targeting the vulnerable MainActivity for suspicious file URIs with crafted _display_name parameters can help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid importing files from untrusted sources into the Tarot, Astro & Healing app version 11.4.0.
  • Restrict or monitor app permissions that allow file imports or access to internal storage.
  • If possible, update the app to a version where this vulnerability is patched.
  • Monitor for unusual app behavior such as crashes, failure to launch, or unexpected changes in configuration files.

Since the vulnerability arises from improper validation of imported file paths, applying input validation or sandboxing measures at the app level is recommended once a patch is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69618. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart