{"cve":{"cve_id":"CVE-2025-62187","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0016,"epss_percentile":0.05517,"epss_as_of":"2026-06-23","description":"In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).","published_at":"2025-10-07T00:00:00Z","last_modified_at":null,"cvss_v3_score":2.9,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss_v3_severity":"LOW","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-23"],"nvd_references":["https://github.com/ankitects/anki/releases/tag/25.02.6","https://github.com/ankitects/anki/pull/4041","https://github.com/ankitects/anki/pull/4041/commits/51476e05b281737a0c2924342bccdb6e5be52ea9"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:27:59.803237Z"},"effective_severity":"LOW","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"ankitects","vendor_name":"Ankitects","product_slug":"anki","product_name":"Anki","version_start":"0","version_start_inclusive":true,"version_end":"25.02.6","version_end_inclusive":false,"cpe23_uri":"cve5:ankitects:anki:0:25.02.6"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/ankitects/anki/releases/tag/25.02.6","source_type":"PATCH","tags":["patch"]},{"url":"https://github.com/ankitects/anki/pull/4041","source_type":"PATCH","tags":["patch"]},{"url":"https://github.com/ankitects/anki/pull/4041/commits/51476e05b281737a0c2924342bccdb6e5be52ea9","source_type":"PATCH","tags":["patch"]}],"timeline":[{"type":"published","at":"2025-10-07T00:00:00Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:48:46.883421Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:46.883421Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:48:46.883421Z","label":"CVSS score revised","source":"cvelistv5"}]}