CVE Catalog

CVE-2025-69618

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

Risk Assessment

The risk includes potential takeover of the application through malicious code injection and leakage of confidential data, threatening system integrity and user data.

Recommendation

Immediately update to the latest software version and implement validation and restrictions for imported files to prevent overwriting critical resources.

Original NVD description (English source)

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS