Unrated severityNVD Advisory· Published Oct 7, 2025· Updated Oct 8, 2025

CVE-2025-62185

Description

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe.

Affected products

Ankitects/Ankillm-fuzzy
Range: <25.02.5
Ankitects/Ankiv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ankitects/anki/commit/5080451829505842b16d4a50f398ad44560a3e48mitre
github.com/ankitects/anki/commit/6213c9b6f99ebda181004f8915b92fe3618b939mitre
github.com/ankitects/anki/compare/25.02.4...25.02.5mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000