exploitDog

CVE-2026-25635

Published: 06 Feb 2026
Source: redhat
CVSS3: 8.6
EPSS: Low

Description

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OSes), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

A flaw was found in Calibre's CHM reader. This path traversal vulnerability allows an attacker to write arbitrary files to locations where the user has write permissions. On Windows systems, this could lead to remote code execution by placing a malicious file in the Startup folder, which would then execute upon the user's next login. This vulnerability primarily results in arbitrary code execution.

Report

This IMPORTANT flaw in Calibre's CHM reader allows an attacker to perform path traversal, leading to arbitrary file writes. This could enable an attacker to write malicious files to arbitrary locations on the filesystem where the user has write permissions. Exploitation requires a user to open a specially crafted CHM file.

Mitigation

Users should avoid opening untrusted CHM files with Calibre. This operational control reduces the risk of exploitation by preventing the processing of malicious content.
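The description and report above name the defect class (an archive entry name that escapes the extraction directory) without showing what a safe extractor checks. The following is an added example, not calibre's code and not the fix shipped in 9.2.0: a defensive check that an extractor applies to each entry name before writing it under an output directory, with a small set of constructed entry names (the benign ones and the escaping ones are both made up for this illustration) run through it. Entry names are assumed to be plain strings as stored in the archive; the output directory is any writable path.

```python
"""Path-traversal-safe placement of archive entries (e.g. CHM members) under an
output directory. Constructed defensive example; not calibre's own code."""
import os
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Iterable, List, Tuple


class UnsafeMemberName(ValueError):
    """Raised when an archive entry name would escape the extraction root."""


def safe_member_path(output_dir: str, member: str) -> Path:
    """Return the absolute path `member` may be written to under `output_dir`,
    or raise UnsafeMemberName if the name would land outside it."""
    if "\0" in member:
        raise UnsafeMemberName(f"NUL byte in entry name: {member!r}")

    # Normalise separators first: an attacker-built archive may mix '/' and '\\',
    # and Windows treats both as path separators.
    name = member.replace("\\", "/")

    # 1. Reject absolute names, drive-letter names (C:...) and UNC names (//host/share).
    if name.startswith("/") or PureWindowsPath(name).drive:
        raise UnsafeMemberName(f"absolute or drive-qualified entry: {member!r}")

    # 2. Reject empty names and any '..' component. PurePosixPath collapses
    #    harmless './' segments and duplicate slashes for us.
    parts = PurePosixPath(name).parts
    if not parts or ".." in parts:
        raise UnsafeMemberName(f"traversal component in entry: {member!r}")

    # 3. Belt and braces: resolve (following symlinks in already-existing parents)
    #    and confirm the final location is still inside the root.
    root = Path(output_dir).resolve()
    target = root.joinpath(*parts).resolve()
    if os.path.commonpath([str(root), str(target)]) != str(root):
        raise UnsafeMemberName(f"entry resolves outside extraction root: {member!r}")
    return target


def triage_members(output_dir: str, members: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split entry names into those safe to write and those that would escape."""
    accepted, rejected = [], []
    for member in members:
        try:
            safe_member_path(output_dir, member)
            accepted.append(member)
        except UnsafeMemberName:
            rejected.append(member)
    return accepted, rejected


# Constructed sample entry names: three ordinary CHM-style members followed by
# five names of the kind a traversal-safe extractor must refuse.
SAMPLE_MEMBERS = [
    "index.html",
    "images/cover.png",
    "./style.css",
    "../../evil.bat",
    "..\\..\\Startup\\evil.bat",
    "C:/Users/Public/evil.bat",
    "//fileserver/share/evil.bat",
    "/etc/cron.d/evil",
]


def make_root() -> str:
    """Create a throwaway extraction directory for the demonstration."""
    return tempfile.mkdtemp(prefix="chm-out-")


def demo() -> Tuple[List[str], List[str]]:
    """Run the sample names through the check and return (accepted, rejected)."""
    root = make_root()
    accepted, rejected = triage_members(root, SAMPLE_MEMBERS)
    for name in accepted:
        print("write  ", safe_member_path(root, name))
    for name in rejected:
        print("refuse ", repr(name))
    return accepted, rejected


if __name__ == "__main__":
    demo()
```

The order of the checks matters: the explicit rejection of absolute, drive-qualified and `..` names gives a clear error for the common cases, while the final `commonpath` comparison on the resolved path catches anything the earlier string tests miss, including a parent directory that an earlier entry turned into a symlink.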

Additional information

Status: Important

https://bugzilla.redhat.com/show_bug.cgi?id=2437936
calibre: Calibre: Remote Code Execution via path traversal in CHM reader

EPSS: 0.00082 (Low), percentile 24%

CVSS3: 8.6 (High)

Related vulnerabilities

CVSS3: 8.6
ubuntu
about 2 months ago

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OSes), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

CVSS3: 8.6
nvd
about 2 months ago

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OSes), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

CVSS3: 8.6
debian
about 2 months ago

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader con ...
