Critical severityOSV Advisory· Published Nov 8, 2025· Updated Apr 15, 2026
CVE-2025-64486
CVE-2025-64486
Description
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitrary code execution. This issue is fixed in version 8.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 0.9.33, 0.9.34, 0.9.35, …
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.