Arbitrary Command Execution in Anki on Windows Due to URL Scheme Mishandling
CVE-2025-62186
6.7MEDIUM
What is CVE-2025-62186?
A vulnerability in Anki, prior to version 25.02.5, exposes Windows users to arbitrary command execution risks via improperly handled URL schemes in shared decks. Malicious audio files can exploit this issue, allowing attackers to run commands without user consent when audio is played.
Affected Version(s)
Anki 0 < 25.02.5
