CVE-2025-43703
- Source
- https://cve.org/CVERecord?id=CVE-2025-43703
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-43703.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-43703
- Downstream
- Published
- 2025-04-16T22:15:15.083Z
- Modified
- 2026-04-10T05:26:40.386210Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.
- References
Affected packages
Git / github.com/ankitects/anki
Affected versions
2.*
2.0.10
2.0.11
2.0.12
2.0.13
2.0.29
2.0.32
2.0.33
2.0.34
2.0.35
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.20
2.1.22
2.1.24
2.1.25
2.1.26
2.1.28
2.1.29
2.1.3
2.1.30
2.1.31
2.1.32
2.1.33
2.1.36
2.1.37
2.1.38
2.1.4
2.1.41
2.1.42
2.1.45
2.1.46
2.1.47
2.1.5
2.1.50
2.1.51
2.1.52
2.1.53
2.1.54
2.1.55
2.1.56
2.1.57
2.1.58
2.1.59
2.1.6
2.1.60
2.1.61
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66
2.1.7
2.1.8
2.1.9
23.*
23.10
23.10.1
23.12
23.12.1
23.12beta1
23.12beta2
23.12beta3
23.12rc1
24.*
24.04
24.04.2beta1
24.04beta1
24.04rc1
24.04rc2
24.04rc3
24.06
24.06.1
24.06.2
24.06.3
24.06rc1
24.06rc2
24.10beta1
24.10beta2
24.10beta3
24.10beta4
24.10rc1
24.10rc2
24.11
24.11rc1
24.11rc2
25.*
25.01beta1
25.01rc1
25.02
25.02rc1