The vulnerability identified as CVE-2026-25635 affects the calibre e-book manager, specifically its CHM (Microsoft Compiled HTML Help) reader component, in versions prior to 9.2.0. It is categorized under CWE-22, which involves improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. This flaw allows an attacker to manipulate file paths processed by the CHM reader to write arbitrary files to any location where the current user has write permissions. On Windows platforms, this can be exploited to achieve remote code execution (RCE) by writing a malicious executable or script to the Startup folder, causing the payload to run automatically upon the next user login. The vulnerability requires the victim to open a crafted CHM file, thus involving user interaction, and does not require elevated privileges or authentication. The CVSS v3.1 base score is 8.6 (high), reflecting the critical impact on confidentiality, integrity, and availability, with an attack vector of local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), and scope changed (S:C). The vulnerability was published on February 6, 2026, and has been addressed in calibre version 9.2.0. There are no known exploits reported in the wild as of now. The vulnerability poses a significant risk especially in environments where calibre is used on Windows systems and users may open untrusted CHM files.

For European organizations, this vulnerability presents a significant risk primarily on Windows endpoints where calibre is installed and used. Successful exploitation can lead to arbitrary file writes and remote code execution, potentially allowing attackers to execute malicious code with the privileges of the logged-in user. This can result in data theft, system compromise, lateral movement within networks, and persistence through startup folder payloads. Organizations in sectors with high use of e-book management or digital libraries, such as education, publishing, and research institutions, may be particularly impacted. The vulnerability could also be leveraged in targeted attacks or phishing campaigns involving malicious CHM files. Given the high CVSS score and the ability to achieve RCE, the impact on confidentiality, integrity, and availability is severe. However, exploitation requires user interaction and local access, which somewhat limits the attack surface compared to remote vulnerabilities. Nonetheless, the risk remains substantial for organizations with insufficient endpoint protection or user awareness.

European organizations should immediately upgrade all calibre installations to version 9.2.0 or later to remediate this vulnerability. Until upgrades can be performed, organizations should implement strict controls on the handling of CHM files, including blocking or quarantining CHM attachments in email gateways and endpoint security solutions. User education campaigns should emphasize the risks of opening untrusted CHM files and encourage caution with unknown e-book sources. Endpoint detection and response (EDR) tools should be configured to monitor and alert on suspicious file writes to startup folders or unusual process executions triggered by calibre. Application whitelisting can prevent unauthorized executables from running at startup. Network segmentation and least privilege principles should be enforced to limit the impact of potential compromises. Regular vulnerability scanning and patch management processes should be enhanced to ensure timely updates of calibre and other software. Finally, incident response plans should be updated to include detection and remediation steps for exploitation attempts involving this vulnerability.