CVE-2025-62185: CWE-427 Uncontrolled Search Path Element in Ankitects Anki
CVE-2025-62185 is a medium severity vulnerability in Ankitects Anki before version 25.02.5 involving an uncontrolled search path element (CWE-427). A crafted shared deck can place a malicious YouTube downloader executable (e.g., youtube-dl.exe or yt-dlp.exe) in the media folder, which is then executed when a YouTube link in the deck is accessed. The vulnerability requires local access to the media folder and has a CVSS score of 6.7, indicating moderate risk.
AI Analysis
Technical Summary
CVE-2025-62185 is classified under CWE-427 (Uncontrolled Search Path Element) and affects Ankitects Anki versions prior to 25.02.5. An attacker crafts a shared deck whose media contains an executable named after a popular YouTube downloader (youtube-dl.exe, yt-dlp.exe or yt-dlp_x86.exe); importing the deck writes that file into the user's media folder. When the user later accesses a YouTube link in the deck, Anki's link handling looks up a downloader by name, and because the media folder is among the locations searched for that name, the deck-supplied binary runs instead of a legitimately installed tool. The result is arbitrary code execution with the privileges of the user running Anki, with high impact on the confidentiality and integrity of that user's data. The file names in the advisory are Windows binaries (.exe), so Windows installations are the practical target. The CVSS 3.1 base score is 6.7 (medium), vector AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N. Note that the vector records no user interaction (UI:N) even though the described trigger is a user importing the deck and then opening a YouTube link from it; when assessing exposure, treat the shared deck as the delivery vector and the link as the trigger. No exploits in the wild have been reported, but any user who imports untrusted shared decks is exposed until updated. The root cause is the standard CWE-427 pattern: resolving an executable by bare name through a search order that includes a directory untrusted content can write to.
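The search-order problem described above, as an added illustration (this is not Anki's code and does not reproduce its internals): a helper that looks up a YouTube downloader by bare name, first with a search order that includes the media folder, then with a hardened order that only consults trusted directories and additionally refuses any hit that resolves inside the media folder. The directory layout, the trusted "tools" directory and the fake "MZ" file contents are constructed for the demonstration.

```python
"""
Illustrative demonstration of CWE-427 as described for CVE-2025-62185.
Added example code, not Anki's source. It models a helper that resolves a
YouTube downloader binary by name and shows why an attacker-writable media
folder must never be part of the search order.
"""
import os
import shutil
import tempfile

# Names from the advisory; an attacker only needs one of them to match.
DOWNLOADER_NAMES = ("youtube-dl.exe", "yt-dlp.exe", "yt-dlp_x86.exe")


def resolve_vulnerable(search_dirs):
    """Return the first downloader found, scanning search_dirs in order.
    If the media folder is in search_dirs, a deck that drops one of these
    names there hijacks the lookup."""
    for d in search_dirs:
        for name in DOWNLOADER_NAMES:
            candidate = os.path.join(d, name)
            if os.path.isfile(candidate):
                return candidate
    return None


def resolve_hardened(trusted_dirs, media_dir):
    """Only consult trusted directories, and refuse any hit whose real path
    lies under the media folder (defence in depth against a trusted
    directory that is misconfigured or reached through a link)."""
    media_real = os.path.realpath(media_dir)
    for d in trusted_dirs:
        for name in DOWNLOADER_NAMES:
            candidate = os.path.realpath(os.path.join(d, name))
            if not os.path.isfile(candidate):
                continue
            if os.path.commonpath([candidate, media_real]) == media_real:
                continue  # lives under the attacker-writable folder: skip
            return candidate
    return None


def demo():
    """Constructed layout: a media folder containing a deck-supplied
    yt-dlp.exe (fake content, not a real binary) and a trusted tools
    directory containing the legitimate copy. Returns the lookup results."""
    root = tempfile.mkdtemp()
    media = os.path.join(root, "collection.media")
    tools = os.path.join(root, "tools")
    os.makedirs(media)
    os.makedirs(tools)
    planted = os.path.join(media, "yt-dlp.exe")
    legit = os.path.realpath(os.path.join(tools, "yt-dlp.exe"))
    with open(planted, "wb") as f:
        f.write(b"MZ planted by a shared deck")  # constructed placeholder
    with open(legit, "wb") as f:
        f.write(b"MZ legitimate install")  # constructed placeholder

    result = {
        "planted": planted,
        "legit": legit,
        # Vulnerable: media folder searched first (e.g. as working directory).
        "vulnerable": resolve_vulnerable([media, tools]),
        # Hardened: media folder is never a search location.
        "hardened": resolve_hardened([tools], media),
        # Hardened lookup still refuses the planted file even if someone
        # mistakenly lists the media folder as trusted.
        "hardened_media_listed": resolve_hardened([media, tools], media),
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    r = demo()
    print("vulnerable lookup picked:", r["vulnerable"])
    print("hardened lookup picked:  ", r["hardened"])
```

The hardened variant fixes two things at once: the search order no longer contains a directory that untrusted content can populate, and the result is checked against the media folder's real path before use, so an accidental reintroduction of that directory into the search order does not silently reopen the hole.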
Potential Impact
For European organizations in education, research and technology that use Anki for learning and training, this vulnerability means that importing a malicious shared deck can lead to arbitrary code execution on the user's workstation. Confidentiality is at risk because the payload runs with the user's privileges and can read anything that user can, not only Anki data; integrity is at risk through tampering with decks, injecting content, or dropping further malware. The attack needs a way to write into the media folder, which a shared deck provides on import, so distribution of malicious decks through forums or shared-deck sites is the realistic delivery path and no separate foothold on the machine is required. Once a deck has been imported, the remaining trigger is a user accessing a YouTube link in it, which is ordinary use of the deck. Targeted attacks against academic institutions or companies relying on Anki for knowledge management are therefore plausible. Availability impact is minimal, but loss of confidentiality or integrity of personal data can have reputational, operational and GDPR consequences.
Mitigation Recommendations
1. Update Anki to version 25.02.5 or later, where this vulnerability is fixed.
2. Restrict execution from the media folder. On Windows, an AppLocker or WDAC rule denying execution under the Anki profile directory (typically %APPDATA%\Anki2\<profile>\collection.media) blocks a planted binary regardless of its name.
3. Validate shared decks before import. An .apkg is a zip archive, so its media entries can be listed and any executable file names rejected before Anki writes them to disk.
4. Educate users to import decks only from trusted sources and to verify the integrity of shared content.
5. Use application allowlisting or endpoint protection to block execution of unauthorized executables from user-writable directories.
6. Monitor Anki media folders for unexpected executable files, in particular youtube-dl.exe, yt-dlp.exe and yt-dlp_x86.exe, and remove them promptly.
7. Run Anki in a sandboxed environment or with limited privileges to reduce the impact of exploitation.
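Steps 3 and 6 above, as an added example (not part of the advisory and not Anki's code): a pre-import check that lists the media names inside an .apkg and flags executables, plus a sweep over an existing media folder using the same classifier. It assumes the legacy .apkg layout, a zip whose "media" entry is a JSON object mapping archive member names ("0", "1", ...) to the real file names that will be written into collection.media; an archive whose media index is in another format is reported as unverifiable rather than passed. The sample deck is constructed in memory for the demonstration.

```python
"""
Added example: inspect a shared deck before import and sweep a media folder
for executable payloads of the kind described in CVE-2025-62185.
Not Anki's code. Assumes the legacy .apkg layout (zip with a JSON "media"
index); other index formats are reported as unverifiable.
"""
import io
import json
import os
import zipfile

# Names the advisory lists as executed by the YouTube-link handler.
KNOWN_LOOKALIKES = {"youtube-dl.exe", "yt-dlp.exe", "yt-dlp_x86.exe"}
# Extensions that have no business in a flashcard media folder.
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd",
                   ".ps1", ".vbs", ".msi"}


def classify_media_name(name):
    """Return a reason string if `name` looks like an executable, else None.
    Matching is case-insensitive because Windows file names are."""
    base = os.path.basename(name.replace("\\", "/")).lower()
    if base in KNOWN_LOOKALIKES:
        return "downloader lookalike named in CVE-2025-62185"
    ext = os.path.splitext(base)[1]
    if ext in EXECUTABLE_EXTS:
        return "executable extension " + ext
    return None


def inspect_apkg(apkg_bytes):
    """Inspect an .apkg held in memory.
    Returns (verdict, findings) with verdict 'clean', 'suspicious' or
    'unverifiable'. Nothing is extracted; only the media index is read."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apkg_bytes)) as zf:
        if "media" not in zf.namelist():
            return "unverifiable", ["no media index in archive"]
        try:
            media_map = json.loads(zf.read("media").decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return "unverifiable", ["media index is not JSON (newer format?)"]
        if not isinstance(media_map, dict):
            return "unverifiable", ["media index is not a JSON object"]
        for member, real_name in media_map.items():
            reason = classify_media_name(str(real_name))
            if reason:
                findings.append(f"{member} -> {real_name}: {reason}")
    return ("suspicious" if findings else "clean"), findings


def sweep_media_folder(path):
    """Walk an existing collection.media folder; return (path, reason) pairs
    for files that should not be there (mitigation step 6)."""
    flagged = []
    for dirpath, _, files in os.walk(path):
        for fn in files:
            reason = classify_media_name(fn)
            if reason:
                flagged.append((os.path.join(dirpath, fn), reason))
    return flagged


def build_sample_apkg(media_map):
    """Construct an in-memory .apkg-like zip (test data, not a real deck)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("collection.anki2", b"")  # placeholder collection db
        zf.writestr("media", json.dumps(media_map))
        for member, real_name in media_map.items():
            payload = b"MZ" if real_name.endswith(".exe") else b"\x89PNG"
            zf.writestr(member, payload)  # constructed placeholder content
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apkg({"0": "diagram.png", "1": "yt-dlp.exe",
                                "2": "notes.pdf"})
    print(inspect_apkg(sample))
```

The check deliberately reads only the media index and never extracts members, so a malformed archive cannot plant files as a side effect of being inspected. Keep the extension list conservative: files such as `_script.js` are legitimately stored in Anki media for card templates, so flagging every scripting extension would produce false positives.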
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-10-07T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 68e582fea677756fc9a25d63
Added to database: 10/7/2025, 9:15:42 PM
Last enriched: 10/7/2025, 9:30:42 PM
Last updated: 10/7/2025, 10:17:02 PM