Plattform
other
Komponente
calibre
Behoben in
9.2.1
A path traversal vulnerability has been identified in Calibre, an e-book manager, affecting versions up to 9.2.0. This flaw allows attackers to write arbitrary files within areas where the user has write permissions. On Windows systems, exploitation can lead to Remote Code Execution (RCE) by placing a malicious payload in the Startup folder, triggering execution upon the next login.
The primary impact of this vulnerability is the potential for Remote Code Execution on Windows systems. An attacker could craft a malicious CHM file that, when opened in Calibre, allows them to write arbitrary files to any location the user has write access to. The most concerning scenario involves writing a malicious executable to the user's Startup folder. Upon the next system login, this executable would automatically run with the user's privileges, granting the attacker control over the system. While the description notes testing was limited to Windows, the path traversal nature of the vulnerability suggests similar exploitation paths might exist on other operating systems, though the RCE vector may differ. This vulnerability shares characteristics with other path traversal exploits, where attackers leverage improper input validation to access and modify files outside of the intended directory.
This vulnerability was publicly disclosed on 2026-02-06. No public proof-of-concept (POC) code has been released at the time of writing, but the relatively straightforward nature of path traversal vulnerabilities suggests that a POC is likely to emerge. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 8.6 (HIGH) indicates a significant risk, and the potential for RCE warrants immediate attention.
Users of Calibre e-book manager, particularly those on Windows systems, are at risk. Shared hosting environments where Calibre is installed and accessible to multiple users are especially vulnerable, as an attacker could potentially compromise the entire host.
• windows / supply-chain:
Get-ScheduledTask | Where-Object {$_.Action.Path -like "*Calibre*"}• windows / supply-chain:
Get-ChildItem -Path "$env:AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" -Filter "*Calibre*.*"• other: Monitor Calibre installation directory for unexpected file creations, especially executable files.
disclosure
Exploit-Status
EPSS
0.08% (24% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to upgrade Calibre to version 9.2.0 or later, which contains the fix for this vulnerability. If an immediate upgrade is not feasible, consider restricting user write access to sensitive directories, particularly the Startup folder on Windows. While a direct WAF rule is unlikely to be effective against this type of vulnerability, implementing strict input validation on any file uploads or processing within Calibre could provide an additional layer of defense. There are no specific Sigma or YARA rules readily available for this particular vulnerability, but monitoring for unusual file creation activity in user directories, especially executable files in the Startup folder, is recommended. After upgrading, confirm the fix by attempting to create a file outside the intended directory using a crafted CHM file and verifying that the operation is denied.
Actualice Calibre a la versión 9.2.0 o superior. Esta versión corrige la vulnerabilidad de path traversal que permite la escritura arbitraria de archivos. La actualización se puede realizar a través del gestor de paquetes o descargando la nueva versión desde el sitio web oficial.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-25635 is a Path Traversal vulnerability in Calibre e-book manager versions up to 9.2.0, allowing attackers to write arbitrary files and potentially achieve Remote Code Execution.
You are affected if you are using Calibre version 9.2.0 or earlier. Upgrade to 9.2.0 to resolve the vulnerability.
Upgrade Calibre to version 9.2.0 or later. If upgrading is not possible, restrict write access to the Calibre installation directory.
Active exploitation is not currently confirmed, but the vulnerability's severity and potential impact warrant caution.
Refer to the Calibre project's official website and security advisories for the latest information on CVE-2026-25635.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.