CVE-2025-69621 is an arbitrary file overwrite vulnerability identified in Comic Book Reader version 1.0.95. The vulnerability arises from insufficient validation of file paths during the file import process, allowing attackers to perform path traversal attacks (CWE-22). By crafting malicious file import requests, an attacker can overwrite critical internal files within the application or underlying system. This can lead to arbitrary code execution if executable files or scripts are overwritten or to exposure of sensitive information if configuration or data files are compromised. The vulnerability requires no authentication (PR:N) but does require user interaction (UI:R), such as the victim initiating a file import. The attack vector is network-based (AV:N), meaning exploitation can occur remotely. The CVSS v3.1 base score is 8.1, reflecting high impact on confidentiality and integrity but no impact on availability. No patches have been published yet, and no exploits are known in the wild. The vulnerability's root cause is improper sanitization of file paths, enabling directory traversal and arbitrary file writes outside the intended import directory. This flaw can be leveraged by attackers to gain persistent footholds or leak sensitive data, posing a significant risk to affected users.

The vulnerability poses a serious risk to organizations using Comic Book Reader v1.0.95, particularly those handling sensitive or proprietary digital content. Successful exploitation can lead to arbitrary code execution, allowing attackers to execute malicious payloads with the privileges of the application, potentially escalating to full system compromise. Overwriting configuration or credential files can expose sensitive information, leading to data breaches. The lack of authentication requirement and network accessibility increases the attack surface, enabling remote attackers to exploit the flaw without prior access. This can disrupt business operations, damage reputation, and incur financial losses. Media companies, digital libraries, and individual users relying on this software are particularly vulnerable. Although no active exploits are reported, the high CVSS score and ease of exploitation make this a critical issue to address promptly.

1. Monitor for official patches or updates from the Comic Book Reader vendor and apply them immediately upon release. 2. Until a patch is available, disable or restrict the file import functionality to trusted sources only. 3. Implement network-level controls such as web application firewalls (WAFs) to detect and block path traversal attempts targeting the import feature. 4. Employ strict input validation and sanitization on file paths to prevent directory traversal, ensuring that imported files cannot escape designated directories. 5. Run the application with the least privilege necessary, limiting file system permissions to reduce the impact of potential overwrites. 6. Use sandboxing or containerization to isolate the application environment, preventing compromised files from affecting the broader system. 7. Conduct regular security audits and penetration testing focused on file handling features. 8. Educate users about the risks of importing files from untrusted sources and encourage cautious behavior.