CVE-2025-62186 MEDIUM

CVE-2025-62186

Vendor Ankitects
Product Anki
Weakness CWE-829 · Inclusion from untrusted sphere
Published October 7, 2025
Last update October 8, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling.

Key dates

02Disclosure timeline

October 7, 2025 CVE published
October 8, 2025 Record updated