Asbplayer
CVE-2025-69771
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file.
AnalysisAI
Arbitrary file upload via subtitle loading in asbplayer v1.13.0 allows execution of malicious files through crafted subtitle files.
Technical ContextAI
CWE-434 unrestricted file upload through the subtitle loading function. Crafted subtitle files can execute arbitrary code.
RemediationAI
Update asbplayer. Implement file type validation for subtitle loading.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today