CVE-2025-43703
Last modified
CVE-2025-43703 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ankitects | Anki | <= 25.02 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-43703?
How severe is CVE-2025-43703?
How do I fix CVE-2025-43703?
Are you affected by CVE-2025-43703?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST