CVE-2026-25635: High Vulnerability in calibre e-book Manager

CVE-2026-25635 is a high-severity vulnerability affecting the calibre e-book manager. This vulnerability allows arbitrary file writes due to a path traversal issue in the CHM reader component of calibre prior to version 9.2.0. On Windows systems, this can lead to Remote Code Execution by placing a malicious payload in the Startup folder, which executes on the next user login. The severity of this vulnerability, with a CVSS score of 8.6, indicates a critical risk to organizations that utilize this software.

Organizations should prioritize patching immediately, as the potential for an attacker to write executable code poses significant risks. Although the vulnerability has been addressed in version 9.2.0, it is essential that users update their installations to safeguard against possible exploitation.

The nature of this vulnerability highlights the importance of regular software updates and monitoring for security advisories. With the ongoing threat landscape, remaining vigilant is crucial in preventing the exploitation of such vulnerabilities. The urgency of remediation cannot be overstated, as attackers may leverage this vulnerability to gain unauthorized access to systems.

As of now, there are no public exploits confirmed for CVE-2026-25635, but the potential for exploitation remains, especially in environments that have not yet applied the necessary patches. Organizations must ensure they are prepared to respond to any signs of compromise related to this vulnerability.

Vulnerability Details

The official CVE description states that this vulnerability allows arbitrary file writes anywhere the user has write permissions. Given this, on Windows systems, an attacker could write a payload to the Startup folder, which would execute on the next login. The vulnerability is classified under CWE-22 (Path Traversal), indicating its nature and potential impact.

The vulnerability was published on February 6, 2026, and has a CVSS score of 8.6, classified as high severity. The details emphasize the attack vector as local, with low complexity, meaning that it can be exploited easily by individuals with physical or local access to the affected system.

Technical Analysis

The root cause of CVE-2026-25635 is a path traversal vulnerability that permits file writes outside of the expected directory structure. The attack vector for this vulnerability is local, meaning that the attacker must have access to the system where the vulnerability exists. The attack complexity is low, requiring no special conditions or skills beyond local access.

No privileges are required to exploit this vulnerability, as attackers do not need to authenticate or gain elevated access. However, user interaction is required, as the victim must open the CHM file for the exploit to execute. The potential impacts on confidentiality, integrity, and availability are all rated high, emphasizing the severe consequences of successful exploitation.

Risk & Impact Analysis

The risk to organizations includes unauthorized access to sensitive files and potential system compromise through Remote Code Execution. Given the sensitivity of data that calibre may handle, the impact of this vulnerability can be extensive. An attacker exploiting this could manipulate the system in severe ways, from data theft to complete system control.

Organizations must evaluate their exposure to this vulnerability, especially if they utilize calibre in environments where sensitive data is processed. The urgency for patching is high, given that the CVSS score indicates a substantial risk of exploitation. Furthermore, organizations should regularly review their software for vulnerabilities and implement a diligent patch management process.

Additionally, the potential blast radius is significant. If an attacker successfully exploits this vulnerability, they may pivot to other systems or networks, further increasing the risk of widespread compromise. Organizations should address this vulnerability with priority in their patch management cycles.

Exploitation Status

Affected Versions

The vulnerability affects all versions of calibre prior to 9.2.0. Users are strongly advised to upgrade to this version or later to mitigate the risk associated with this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, users should upgrade to calibre version 9.2.0 or later. Regular patch management practices should be implemented to ensure the software remains up to date.

In addition to patching, organizations should conduct regular security assessments, including penetration testing, to identify and address any vulnerabilities in their systems.

Detection Guidance

Organizations should monitor their systems for signs of exploitation of this vulnerability. Key indicators include unexpected file changes in user directories and unauthorized programs set to execute at login. Additionally, security logs should be reviewed for any suspicious activity related to calibre's CHM reader.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability emphasizes the need for organizations to maintain rigorous software update practices. As software evolves, new vulnerabilities will emerge, making it imperative for security teams to stay informed about potential threats.

This vulnerability serves as a reminder of the importance of robust security testing and continuous monitoring to detect and address vulnerabilities proactively. Security teams should be aware of the patterns associated with path traversal vulnerabilities and implement measures to prevent similar issues.

For further insights and strategies on managing vulnerabilities, organizations can explore our resources on vulnerability management and the importance of penetration testing in defending against such vulnerabilities.

In conclusion, CVE-2026-25635 underscores the importance of proactive security measures and the need for organizations to be vigilant in their software management practices.