CVE-2025-43703

MEDIUM

6.1

Descricao

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.

Detalhes CVE

Pontuacao CVSS v3.16.1

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado4/16/2025

Ultima modificacao10/9/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

ankitects:anki

Fraquezas (CWE)

CWE-830

Referencias

https://github.com/ankitects/anki/pull/3925(cve@mitre.org)

https://github.com/ankitects/anki/pull/3925/commits/24bca15fd3d9dc386916509eb2d4862d1184e709(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.