CVE-2025-69618
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
Risk Assessment
The risk includes potential takeover of the application through malicious code injection and leakage of confidential data, threatening system integrity and user data.
Recommendation
Immediately update to the latest software version and implement validation and restrictions for imported files to prevent overwriting critical resources.
Original NVD description (English source)
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

