Cyber Resilience

CVE-2025-69621

Severity: High
Published: 04 February 2026
Modified: 15 April 2026
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0048 (37.7th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-69621 is a high-severity Path Traversal (CWE-22) vulnerability in Comic Book Reader (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked at the 37.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-69621 is an arbitrary file overwrite vulnerability, classified under CWE-22, in the file import process of Comic Book Reader version 1.0.95. This issue enables attackers to overwrite critical internal files of the affected software, with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Remote attackers require no privileges or authentication but must rely on user interaction to exploit the vulnerability. By tricking a user into importing a malicious file, an attacker can overwrite critical internal files, potentially achieving arbitrary code execution or exposure of sensitive information.

Mitigation details and advisories are available at the following references: http://comic.com, https://android-tools.ru/, https://github.com/Secsys-FDU/AF_CVEs/issues/12, and https://secsys.fudan.edu.cn/.

Vulnerability details

An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

CWE(s): CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Vulnerability requires user interaction to import a malicious file that triggers path traversal-based arbitrary overwrite, directly mapping to malicious file execution for code execution impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-11002 (shared CWE-22)
CVE-2026-35204 (shared CWE-22)
CVE-2026-28518 (shared CWE-22)
CVE-2026-39307 (shared CWE-22)
CVE-2026-27704 (shared CWE-22)
CVE-2026-5656 (shared CWE-22)
CVE-2026-30853 (shared CWE-22)
CVE-2026-44340 (shared CWE-22)
CVE-2026-22661 (shared CWE-22)
CVE-2026-3223 (shared CWE-22)

Affected Assets

Comic Book Reader (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

prevent: SI-10 (Information Input Validation). Directly validates file inputs during the import process to block malicious paths enabling arbitrary file overwrites.

prevent: SI-2 (Flaw Remediation). Identifies, reports, and corrects the specific flaw in Comic Book Reader v1.0.95's file import process.

detect: Monitors critical internal files for unauthorized changes resulting from the arbitrary overwrite vulnerability.
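As an added, defender-side example (not code from Comic Book Reader or its advisory), the following Python shows the kind of import-time validation that the SI-10 control above and the import-process description in the deeper analysis call for: every entry name in an imported archive is checked lexically and by resolved path before anything is written to disk. It assumes the comic is imported from a ZIP-based archive (e.g. CBZ) and uses a hypothetical extraction root; the sample archive is constructed inline.

```python
import io
import os
import zipfile
from pathlib import PurePosixPath, PureWindowsPath

# Assumed extraction root for imported comics (hypothetical path).
IMPORT_ROOT = "/tmp/comics/import"


def is_safe_entry(name: str) -> bool:
    """Lexical check: reject the usual traversal vectors in an entry name."""
    if not name or "\x00" in name or "\\" in name:
        return False
    if name.startswith("/") or PureWindowsPath(name).drive:
        return False
    # Any '..' component is rejected outright rather than normalised away.
    return ".." not in PurePosixPath(name).parts


def resolved_inside(root: str, name: str) -> bool:
    """Second check: the final absolute path must stay under root."""
    root_abs = os.path.abspath(root)
    target = os.path.abspath(os.path.join(root_abs, name))
    try:
        return os.path.commonpath([root_abs, target]) == root_abs
    except ValueError:  # different drives on Windows
        return False


def vet_archive(data: bytes, root: str = IMPORT_ROOT) -> dict:
    """Map every entry name of an in-memory ZIP to 'ok' or 'rejected'."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            ok = is_safe_entry(name) and resolved_inside(root, name)
            verdicts[name] = "ok" if ok else "rejected"
    return verdicts


def build_sample_archive() -> bytes:
    """Constructed sample: one benign page plus hostile entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("page001.jpg", b"\xff\xd8\xff")           # benign
        zf.writestr("../../app/config.xml", b"<overwrite/>")   # '..' escape
        zf.writestr("/etc/hostname", b"x")                     # absolute path
        zf.writestr("sub/../page002.jpg", b"x")                # '..' mid-path
    return buf.getvalue()


if __name__ == "__main__":
    for entry, verdict in vet_archive(build_sample_archive()).items():
        print(f"{verdict:8} {entry}")
```

An importer should skip or abort on any rejected entry; the resolved-path check catches anything the lexical rules miss, and the lexical rules catch names that happen to resolve inside the root but still carry traversal syntax.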
