CVE-2025-69621

High

Published: 04 February 2026

Published

04 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score 0.0002 5.3th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69621 is a high-severity Path Traversal (CWE-22) vulnerability in Comic Book Reader (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 5.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates file inputs during the import process to block malicious paths enabling arbitrary file overwrites.

SI-2 Flaw Remediation good match

prevent

Identifies, reports, and corrects the specific flaw in Comic Book Reader v1.0.95's file import process.

SI-7 Software, Firmware, and Information Integrity good match

detect

Monitors critical internal files for unauthorized changes resulting from the arbitrary overwrite vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

Vulnerability requires user interaction to import a malicious file that triggers path traversal-based arbitrary overwrite, directly mapping to malicious file execution for code execution impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

Deeper analysisAI

CVE-2025-69621 is an arbitrary file overwrite vulnerability, classified under CWE-22, in the file import process of Comic Book Reader version 1.0.95. This issue enables attackers to overwrite critical internal files of the affected software, with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Remote attackers require no privileges or authentication but must rely on user interaction to exploit the vulnerability. By tricking a user into importing a malicious file, an attacker can overwrite critical internal files, potentially achieving arbitrary code execution or exposure of sensitive information.

Mitigation details and advisories are available at the following references: http://comic.com, https://android-tools.ru/, https://github.com/Secsys-FDU/AF_CVEs/issues/12, and https://secsys.fudan.edu.cn/.