CVE-2025-62185

6.7 MEDIUM

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by embedding malicious YouTube downloader executables in shared Anki decks. When users import these decks and click YouTube links, the embedded executable runs with the user's privileges. All Anki users who import shared decks are affected.

💻 Affected Systems

Products:
  • Ankitects Anki
Versions: All versions before 25.02.5
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when importing shared decks containing YouTube links.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through arbitrary code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware execution leading to credential theft, cryptocurrency mining, or data exfiltration from the user's system.

🟢 If Mitigated

No impact if users only use trusted decks or have updated to patched versions.

🌐 Internet-Facing: MEDIUM - Requires user interaction (importing/sharing decks) but can be distributed widely through deck sharing platforms.
🏢 Internal Only: LOW - Primarily affects individual users rather than enterprise environments, though shared decks in organizational settings could pose risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to trick users into importing malicious decks. The vulnerability is in how Anki handles embedded executables for YouTube links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.02.5 and later

Vendor Advisory: https://github.com/ankitects/anki/compare/25.02.4...25.02.5

Restart Required: No

Instructions:

1. Open Anki.
2. Go to Help > Check for Updates.
3. Follow the prompts to update to version 25.02.5 or later.
4. Alternatively, download the latest version from ankiweb.net.

🔧 Temporary Workarounds

Disable automatic media downloads (applies to: all)

Prevent Anki from automatically downloading and executing YouTube downloader executables.

Use only trusted decks (applies to: all)

Only import decks from verified, reputable sources.

🧯 If You Can't Patch

  • Only use decks from trusted sources and verify contents before importing
  • Run Anki in sandboxed environment or with restricted permissions

🔍 How to Verify

Check if Vulnerable:

Check Anki version in Help > About. If version is below 25.02.5, you are vulnerable.

Check Version:

On Windows: anki --version
On macOS/Linux: anki --version, or check Help > About in the GUI

Verify Fix Applied:

After updating, verify version is 25.02.5 or higher in Help > About.

📡 Detection & Monitoring

Log Indicators:

  • Execution of youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe from Anki media folder
  • Unexpected process creation from Anki directory

Network Indicators:

  • Unexpected outbound connections from Anki process to unknown domains

SIEM Query:

Process Creation where (Image contains 'youtube-dl' OR Image contains 'yt-dlp') AND ParentImage contains 'anki'
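The log and SIEM indicators above as a runnable check, added here and not part of the advisory: it parses constructed process-creation records (a simple key=value|key=value format assumed for this example), flags a YouTube downloader image that was launched by an Anki parent process or from an Anki media folder (assumed to be the profile's collection.media directory), and also covers the extension-less Linux/macOS binary names, which goes beyond the Windows file names listed above.

```python
"""Flag process-creation events matching the CVE-2025-62185 indicators."""
import os
from typing import Dict, List

# Executable names listed in the advisory's log indicators (Windows), plus
# the extension-less prefixes so the same check covers macOS/Linux builds.
DOWNLOADER_NAMES = {"youtube-dl.exe", "yt-dlp.exe", "yt-dlp_x86.exe"}
DOWNLOADER_PREFIXES = ("youtube-dl", "yt-dlp")
# Assumed name of Anki's per-profile media directory (not stated on the page).
MEDIA_FOLDER_HINT = "collection.media"

# Constructed sample records in a key=value|key=value layout (not real logs).
SAMPLE_EVENTS = [
    r"Image=C:\Users\alice\AppData\Roaming\Anki2\User 1\collection.media\yt-dlp.exe|ParentImage=C:\Program Files\Anki\anki.exe",
    r"Image=C:\Program Files\Mozilla Firefox\firefox.exe|ParentImage=C:\Windows\explorer.exe",
    r"Image=C:\Tools\yt-dlp.exe|ParentImage=C:\Windows\System32\cmd.exe",
    r"Image=/home/bob/.local/share/Anki2/User 1/collection.media/yt-dlp|ParentImage=/usr/bin/anki",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one record into a field dict; values never contain '|' or '=' here."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def _basename(path: str) -> str:
    # Normalise Windows separators so os.path.basename works on any host.
    return os.path.basename(path.replace("\\", "/")).lower()


def is_suspicious(event: Dict[str, str]) -> bool:
    """Downloader binary AND (Anki parent OR launched from an Anki media folder)."""
    image, parent = event.get("Image", ""), event.get("ParentImage", "")
    name = _basename(image)
    is_downloader = name in DOWNLOADER_NAMES or name.startswith(DOWNLOADER_PREFIXES)
    parent_is_anki = "anki" in _basename(parent)          # mirrors the SIEM query
    in_media_folder = MEDIA_FOLDER_HINT in image.lower()   # mirrors the log indicator
    return is_downloader and (parent_is_anki or in_media_folder)


def find_suspicious(lines: List[str]) -> List[str]:
    """Return the Image paths of every record that matches the indicators."""
    return [ev["Image"] for ev in map(parse_event, lines) if is_suspicious(ev)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("suspicious:", hit)
```

The third sample (yt-dlp started from cmd.exe outside any Anki folder) is deliberately not flagged, which keeps a user's own downloader usage out of the alert.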

🔗 References
