Security Advisory

CVE-2026-25635

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-06 20:10:29
Last updated 2026-02-11 14:54:23
Assigner GitHub_M
State PUBLISHED

Description

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OSs), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
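
The class of check that prevents this kind of arbitrary file write during extraction is sketched below as an added example; it is not calibre's code and not the 9.2.0 fix. The names `safe_target`, `classify_entries` and `UnsafeEntryName` are hypothetical, and the entry names are constructed samples.

```python
import os

class UnsafeEntryName(ValueError):
    """Entry name would be written outside the extraction directory."""

def safe_target(dest_dir, entry_name):
    """Return the absolute path for entry_name inside dest_dir, or raise."""
    if "\x00" in entry_name:
        raise UnsafeEntryName("NUL byte in entry name")
    # Split on both separators so "..\\" is caught on every OS, not only Windows.
    parts = [p for p in entry_name.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts:
        raise UnsafeEntryName("empty entry name")
    if ".." in parts:
        raise UnsafeEntryName("parent-directory component: %r" % entry_name)
    # A colon means a drive prefix ("C:") or an NTFS alternate data stream.
    if any(":" in p for p in parts):
        raise UnsafeEntryName("colon in entry name: %r" % entry_name)
    root = os.path.realpath(dest_dir)
    # realpath resolves symlinks already present in dest_dir before the final check.
    target = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeEntryName("resolves outside destination: %r" % entry_name)
    return target

def classify_entries(dest_dir, entry_names):
    """Split names into ({name: target}, {name: reason}) without writing anything."""
    accepted, rejected = {}, {}
    for name in entry_names:
        try:
            accepted[name] = safe_target(dest_dir, name)
        except UnsafeEntryName as exc:
            rejected[name] = str(exc)
    return accepted, rejected

if __name__ == "__main__":
    import tempfile
    # Constructed entry names, not taken from any real CHM file.
    sample = ["/index.html", "/img/cover.png", "/../../outside.txt",
              "..\\..\\outside.bat", "C:\\outside.txt"]
    with tempfile.TemporaryDirectory() as dest:
        ok, bad = classify_entries(dest, sample)
        for name, path in ok.items():
            print("write ", name, "->", path)
        for name, reason in bad.items():
            print("reject", name, "-", reason)
```

Running the check on every entry before any file is opened for writing lets an extractor refuse the whole archive when a single name is rejected.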