CVE-2025-62187

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-62187
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62187.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62187
Published
2025-10-07T21:15:39.143Z
Modified
2026-04-10T05:32:52.940253Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).

References

Affected packages

Git / github.com/ankitects/anki

Affected ranges

Type
GIT
Repo
https://github.com/ankitects/anki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6381f1845ff2e79f4a424e6978c2a3e9bbb91735
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "25.02.6"
        }
    ]
}

Affected versions

2.*
2.0.10
2.0.11
2.0.12
2.0.13
2.0.29
2.0.32
2.0.33
2.0.34
2.0.35
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.2
2.1.20
2.1.22
2.1.24
2.1.25
2.1.26
2.1.28
2.1.29
2.1.3
2.1.30
2.1.31
2.1.32
2.1.33
2.1.36
2.1.37
2.1.38
2.1.4
2.1.41
2.1.42
2.1.45
2.1.46
2.1.47
2.1.5
2.1.50
2.1.51
2.1.52
2.1.53
2.1.54
2.1.55
2.1.56
2.1.57
2.1.58
2.1.59
2.1.6
2.1.60
2.1.61
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66
2.1.7
2.1.8
2.1.9
23.*
23.10
23.10.1
23.12
23.12.1
23.12beta1
23.12beta2
23.12beta3
23.12rc1
24.*
24.04
24.04.2beta1
24.04beta1
24.04rc1
24.04rc2
24.04rc3
24.06
24.06.1
24.06.2
24.06.3
24.06rc1
24.06rc2
24.10beta1
24.10beta2
24.10beta3
24.10beta4
24.10rc1
24.10rc2
24.11
24.11rc1
24.11rc2
25.*
25.01beta1
25.01rc1
25.02
25.02.1
25.02.2
25.02.4
25.02.5
25.02rc1
Other
show

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62187.json"