Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AV:N because malicious deck is fetched/shared over network and exfiltrates remotely; UI:R because user must import the deck; C:H for arbitrary file read; no integrity or availability impact.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 1 pypi packages depend on aqt (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 25.9.4.
DescriptionCVE.org
Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and editor scripts. A malicious imported card package with an embedded iframe can use exposed API methods such as getImageForOcclusion to read arbitrary files accessible to the Anki process and exfiltrate them over the network. This issue is fixed in version 25.09.4.
AnalysisAI
Arbitrary file read and exfiltration in Anki prior to 25.09.4 allows a remote attacker to access sensitive files on a victim's system by distributing a maliciously crafted card package (.apkg). The root cause is an origin validation failure (CWE-346) in Anki's internal localhost API, which fails to block iframe-embedded scripts from accessing privileged backend methods such as getImageForOcclusion. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must actively import a malicious Anki card package (.apkg) - this is the required user interaction step reflected in CVSS UI:R. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) reflects a realistic threat model: no attacker privileges or special configuration required, but a user interaction step (importing the malicious deck) limits automated exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes a malicious Anki deck package (.apkg) - disguised as a legitimate study resource - to a community sharing site or delivers it via phishing. When a victim imports the deck, an embedded iframe loads and calls the unprotected internal localhost API method getImageForOcclusion or similar endpoints to read sensitive files (e.g., SSH private keys, stored credentials) from the victim's filesystem and transmits them to an attacker-controlled server via outbound HTTP. … |
| Remediation | Vendor-released patch: 25.09.4. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. Rated high severity
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. Rate
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. Rated medium severity (CVSS 6.5), this vulnera
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. Rated medium severity (CVSS
An issue was discovered in Ankitects Anki through 25.02. Rated medium severity (CVSS 6.1), this vulnerability is remotel
Cross-origin request forgery against Anki's local HTTP server allows a malicious website to trigger unauthorized side-ef
Same weakness CWE-346 – Origin Validation Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42113