Code Execution Vulnerability in Anki by Ankitects
CVE-2025-62185
6.7MEDIUM
What is CVE-2025-62185?
In earlier versions of Anki, a vulnerability exists that allows a specially crafted shared deck to drop a malicious executable file into the application's media folder. This executable, which may appear as youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe, is subsequently executed when a specific YouTube link is triggered within the deck. This flaw presents a significant risk by enabling unauthorized command execution in the user's environment, thereby compromising the integrity and security of user systems.
Affected Version(s)
Anki 0 < 25.02.5
