Ankitects Anki
cpe:2.3:a:ankitects:anki:*:*:*:*:*:*:*
- < 25.02.5
A vulnerability exists in Ankitects Anki versions prior to 25.02.5, where a maliciously crafted shared deck can introduce a YouTube downloader executable into the media folder. This executable is then executed when a YouTube link in the deck is accessed. The executable could be named youtube-dl.exe, yt-dlp.exe, or yt-dlp_x86.exe.
Exploitation allows arbitrary code execution, because the executable supplied by the deck is run when a YouTube link in the deck is accessed.
To reproduce this vulnerability, create a shared deck that includes a YouTube link and a YouTube downloader executable (such as yt-dlp.exe) placed in the media folder. When the deck is imported and the YouTube link is clicked, the executable will be executed, demonstrating the vulnerability.
Users can update to Anki version 25.02.5 or later, where this vulnerability has been addressed.
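A defender-side check for the condition described above, added here as an example and not taken from the advisory or from Anki's own code: it lists files in a media folder whose names match the three downloader names given in this entry. The folder path is supplied by the caller (Anki's profile media folder, `collection.media`, is assumed), and the files created in `demo()` are constructed samples.

```python
import hashlib
from pathlib import Path

# Downloader names listed in the advisory; compared case-insensitively
# because Windows file names are case-insensitive.
DOWNLOADER_NAMES = {"youtube-dl.exe", "yt-dlp.exe", "yt-dlp_x86.exe"}


def scan_media_folder(media_dir):
    """Return one finding per file in media_dir named like a YouTube downloader."""
    findings = []
    for path in sorted(Path(media_dir).iterdir()):
        if not path.is_file() or path.name.lower() not in DOWNLOADER_NAMES:
            continue
        data = path.read_bytes()
        findings.append({
            "name": path.name,
            "size": len(data),
            # "MZ" is the DOS/PE header magic of a Windows executable.
            "is_pe": data[:2] == b"MZ",
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return findings


def demo():
    """Run the scan over a constructed media folder (sample data, not a real deck)."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp) / "collection.media"
        media.mkdir()
        (media / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg stub")
        (media / "YT-DLP.EXE").write_bytes(b"MZ constructed stub, not a real binary")
        (media / "yt-dlp_x86.exe").write_bytes(b"plain text with a downloader name")
        return scan_media_folder(media)


if __name__ == "__main__":
    import sys
    results = scan_media_folder(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for f in results:
        kind = "PE executable" if f["is_pe"] else "not a PE file"
        print(f"{f['name']}  {f['size']} bytes  {kind}  sha256={f['sha256']}")
    sys.exit(1 if results else 0)
```

Pass the media folder path as the first argument; the exit status is 1 when any matching file is found.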