CVE-2025-53964
Published: 17 July 2025
Summary
CVE-2025-53964 is a critical-severity Exposed Dangerous Method or Function (CWE-749) vulnerability in GoldenDict. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 30.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Remediating the specific flaw in GoldenDict via vendor patches directly prevents exploitation of the exposed dangerous method for arbitrary file read and modification.
Validating dictionary file inputs before processing prevents triggering the exposed dangerous method that enables unauthorized file access.
Restricting execution of vulnerable software like GoldenDict 1.5.0 and 1.5.1 through deny-by-default policies prevents introduction and exploitation of CVE-2025-53964.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary local file read (T1005 Data from Local System), file modification/deletion (T1070.004 File Deletion), client-side code execution via crafted dictionary (T1203 Exploitation for Client Execution), and data exfiltration over web services as demonstrated in PoC (T1567 Exfiltration Over Web Service).
NVD Description
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.
Deeper analysis
GoldenDict versions 1.5.0 and 1.5.1 are affected by CVE-2025-53964, a vulnerability stemming from an exposed dangerous method (CWE-749) that allows arbitrary file reading and modification. The issue is triggered when a user adds a crafted dictionary file and then searches for any term included in that dictionary. Published on 2025-07-17, it carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L).
A remote attacker requires no privileges and can exploit this over the network with low complexity, though user interaction is needed to add the crafted dictionary and initiate a search. Exploitation changes scope and achieves high confidentiality and integrity impacts alongside low availability impact, enabling attackers to read sensitive files and modify arbitrary files on the victim's system.
Mitigation details and patches are referenced in the GoldenDict release notes at https://github.com/goldendict/goldendict/releases, while additional vulnerability information, including likely proof-of-concept details, is available at https://github.com/tigr78/CVE-2025-53964.
Details
- CWE(s)