
CVE-2025-62187: CWE-23 Relative Path Traversal in Ankitects Anki

Severity: Low
Type: Vulnerability
Tags: CVE-2025-62187, cve, cwe-23
Published: Tue Oct 07 2025 (10/07/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: Ankitects
Product: Anki

Description

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).

AI-Powered Analysis

AI analysis last updated: 10/15/2025, 01:09:22 UTC

Technical Analysis

CVE-2025-62187 is a relative path traversal vulnerability classified under CWE-23, affecting Ankitects Anki versions prior to 25.02.6. The flaw arises because the application does not properly restrict media file pathnames to the designated media folder, allowing crafted sound file references to cause files to be written to arbitrary locations on both Windows and Linux platforms. This can lead to unauthorized modification of files outside the intended directory, potentially enabling an attacker with local access to alter application or system files. The vulnerability requires local access (Attack Vector: Local) and has a high attack complexity, meaning exploitation is non-trivial and likely requires specific conditions or knowledge. No privileges are required, and no user interaction is necessary once local access is obtained. The impact is limited to integrity, with no direct confidentiality or availability consequences. No known exploits have been reported in the wild, and no official patches were linked, but the issue is addressed in Anki version 25.02.6 and later. This vulnerability is particularly relevant for environments where Anki is used extensively for educational content, and where users might import or handle untrusted media files.
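The containment check a defender would want for this class of bug, as an added illustration rather than Anki's code or the fix shipped in 25.02.6: each sound reference is treated as a bare filename inside the media folder, and anything that could redirect the write on either Windows or Linux is rejected before any I/O. The `[sound:...]` regex, the function names `safe_media_path` and `classify_sound_refs`, the media folder path and the sample note field are all assumptions constructed for the demo.

```python
import os
import re

# Anki audio references look like [sound:filename]; this regex is an
# assumption for the demo, not Anki's own parser.
SOUND_TAG = re.compile(r"\[sound:([^\]]+)\]")
# Constructed note field: one ordinary reference, three that would escape.
SAMPLE_FIELD = ("[sound:hello.mp3] [sound:../up.mp3] "
                "[sound:..\\up.mp3] [sound:C:up.mp3]")


class UnsafeMediaPath(ValueError):
    """Raised when a media reference would escape the media folder."""
    def __init__(self, reason: str, ref: str):
        super().__init__(f"{reason}: {ref!r}")
        self.reason = reason


def safe_media_path(media_dir: str, ref: str) -> str:
    """Return the on-disk path for ref, which must name a file directly inside
    media_dir, or raise UnsafeMediaPath (hypothetical hardening, not Anki's)."""
    if not ref or "\x00" in ref:
        raise UnsafeMediaPath("empty or NUL-containing reference", ref)
    # Reject both separators whatever the host OS: Linux treats a backslash as
    # an ordinary character, but Windows reads "..\\x" as a step up the tree.
    if "/" in ref or "\\" in ref:
        raise UnsafeMediaPath("path separator", ref)
    # "C:name" is drive-relative on Windows even without any separator.
    if ":" in ref:
        raise UnsafeMediaPath("drive or stream qualifier", ref)
    if ref in (".", ".."):
        raise UnsafeMediaPath("dot component", ref)
    # Defense in depth: after symlink resolution the target must still sit
    # directly under the real media folder.
    base = os.path.realpath(media_dir)
    target = os.path.realpath(os.path.join(base, ref))
    if os.path.dirname(target) != base:
        raise UnsafeMediaPath("resolved outside media folder", ref)
    return target


def classify_sound_refs(media_dir: str, field_html: str) -> dict:
    """Map each [sound:...] reference to "ok" or its rejection reason; no I/O."""
    verdicts = {}
    for ref in SOUND_TAG.findall(field_html):
        try:
            safe_media_path(media_dir, ref)
            verdicts[ref] = "ok"
        except UnsafeMediaPath as exc:
            verdicts[ref] = exc.reason
    return verdicts
```

The same classifier can be pointed at a deck's note fields to audit an existing collection for references that a pre-25.02.6 client would have resolved outside the media folder.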

Potential Impact

For European organizations, the primary impact is on data integrity within systems running vulnerable versions of Anki. Since the vulnerability allows arbitrary file writes, an attacker with local access could modify or replace files, potentially leading to application malfunction or the introduction of malicious code. Although the CVSS score is low, the risk increases in environments where Anki is widely used for training or educational purposes, especially in institutions with less stringent endpoint security controls. The threat could facilitate lateral movement or persistence if attackers leverage the file write capability to implant malicious payloads. However, the requirement for local access and high attack complexity limits the scope and scale of impact. Organizations relying on Anki for critical training or knowledge management should consider this vulnerability as a potential vector for integrity compromise.

Mitigation Recommendations

1. Upgrade all Anki installations to version 25.02.6 or later, where this vulnerability is fixed.
2. Implement strict file system permissions to limit write access to the Anki media folder and prevent unauthorized file creation or modification outside designated directories.
3. Restrict local user privileges to minimize the risk of exploitation by untrusted users or malware.
4. Educate users to avoid importing untrusted or suspicious media files into Anki decks.
5. Employ endpoint protection solutions that monitor and alert on unusual file write activities, especially outside expected directories.
6. Regularly audit and monitor Anki installation directories for unauthorized file changes.
7. Consider application whitelisting to prevent execution of unauthorized binaries that could be introduced via this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-10-07T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68e582fea677756fc9a25d5e

Added to database: 10/7/2025, 9:15:42 PM

Last enriched: 10/15/2025, 1:09:22 AM

Last updated: 11/22/2025, 3:20:23 PM

