← Volver a CVEs
CVE-2025-43703
MEDIUM6.1
Descripcion
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.
Detalles CVE
Puntuacion CVSS v3.16.1
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado4/16/2025
Ultima modificacion10/9/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
ankitects:anki
Debilidades (CWE)
CWE-830
Referencias
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.