Vulnerability Database

319,702

Total vulnerabilities in the database

CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists because of an incomplete fix for CVE-2024-32484.

Published: Apr 16, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-43703
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-830

Affected Software
References

Software	From	Fixed in
ankitects / anki	-	25.02.x

https://github.com/ankitects/anki/pull/3925
https://github.com/ankitects/anki/pull/3925/commits/24bca15fd3d9dc386916509eb2d4862d1184e709

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo