CVE-2025-69771 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: February 26, 2026
asbplayer - Unrestricted File Upload
Published: February 25, 2026Updated: February 26, 2026Remote Exploitable
Overview
asbplayer v1.13.0 contains an unrestricted file upload vulnerability caused by improper validation in the subtitle loading function, letting attackers execute arbitrary code by uploading crafted subtitle files, exploit requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.6
Impact
Attackers can execute arbitrary code remotely by uploading malicious subtitle files, potentially leading to full system compromise.
Mitigation
Update to the latest version of asbplayer.
Related Resources
Details
- CVE ID
- CVE-2025-69771
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- unrestricted_file_upload
- Status
- new
CWE
- CWE-434
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H