CVE-2026-25635 is a path traversal vulnerability classified under CWE-22, found in the CHM (Microsoft Compiled HTML Help) reader component of the calibre e-book management software prior to version 9.2.0. This vulnerability allows an attacker to write arbitrary files to any location on the filesystem where the user has write permissions by exploiting improper limitation of pathname inputs. On Windows platforms, this can be leveraged to achieve remote code execution (RCE) by writing a malicious executable or script to the Startup folder, which will be executed automatically on the next user login. The attack vector requires the victim to open a specially crafted CHM file, thus necessitating user interaction. The vulnerability does not require elevated privileges but does require local access or social engineering to convince the user to open the malicious file. The CVSS v3.1 score of 8.6 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. The vulnerability is fixed in calibre version 9.2.0, which properly restricts pathname traversal in the CHM reader. No public exploits have been reported yet, but the potential for exploitation exists given the ease of crafting malicious CHM files and the wide use of calibre as an e-book manager.

For European organizations, this vulnerability poses a significant risk primarily on Windows endpoints where calibre is used to manage e-books. Successful exploitation can lead to arbitrary file writes and remote code execution, potentially allowing attackers to install persistent malware, steal sensitive data, or disrupt operations. Organizations with employees who handle e-books or CHM files, especially in sectors like education, publishing, or libraries, are at higher risk. The ability to execute code with user-level permissions can be a stepping stone for lateral movement or privilege escalation within corporate networks. Given the widespread use of Windows in European enterprises and the popularity of calibre as a free e-book management tool, the attack surface is considerable. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers often weaponize such vulnerabilities rapidly after disclosure.

The primary mitigation is to upgrade all calibre installations to version 9.2.0 or later, where the vulnerability is patched. Organizations should enforce software update policies to ensure timely patching. Additionally, users should be trained to avoid opening CHM files from untrusted or unknown sources, as user interaction is required for exploitation. Endpoint protection solutions should be configured to monitor and block suspicious file writes to critical directories such as the Startup folder. Application whitelisting can prevent unauthorized executables from running at startup. Network segmentation and least privilege principles should be applied to limit the impact of any compromise. Finally, organizations should consider disabling or restricting the use of CHM files if they are not required in their workflows.