Cyber Posture

CVE-2025-69618

Medium · Public PoC

Published: 04 February 2026
Modified: 13 March 2026
KEV Added:
Patch:
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0014 (33.6th percentile)
Risk Priority: 13 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Input validation on the file import process. Directly mitigates the arbitrary file overwrite by validating imported file names and contents so that paths and payloads aimed at critical internal files are rejected before any write takes place.

Prevent: Least privilege for the file import process. Even if the import logic is exploited, the process should not hold write access to critical internal files, so a successful traversal has nothing sensitive to overwrite.

Detect: Integrity monitoring of critical files and software. Verifies the integrity of critical files to detect unauthorized overwrites that could lead to code execution or exposure of sensitive information.
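The two prevent controls and the detect control above are easiest to see in working code. The block below is an added example written for this page, not code from coto or from Tarot, Astro & Healing (the page does not state the app's implementation language, so Python is used purely to illustrate the checks). It shows a file-import routine that validates attacker-controlled entry names against a fixed import root and refuses to overwrite any existing file, beside a hash-baseline integrity check that flags a critical file after it has been tampered with. The directory layout, the `readings/2026-02.csv` entry name and the `CRITICAL_FILES` list are assumptions made for the example; the page does not name the real files involved.

```python
# Added example for this page: hardened file import plus a file-integrity check.
# Illustrative code, not the vendor's; layout, names and CRITICAL_FILES are assumed.
import hashlib
import os
import shutil
import tempfile
from pathlib import Path, PurePosixPath


class ImportRejected(ValueError):
    """Raised when an imported entry name fails validation."""


def resolve_import_target(import_root: Path, entry_name: str) -> Path:
    """Map an attacker-controlled entry name to a path that must stay inside
    import_root. Rejects NUL bytes, absolute names (POSIX or drive-letter),
    '.'/'..' components, and anything that still resolves outside the root
    once symlinks in existing parent directories have been followed."""
    if not entry_name or "\x00" in entry_name:
        raise ImportRejected("empty or NUL-containing name")
    name = entry_name.replace("\\", "/")  # treat backslash as a separator too
    pure = PurePosixPath(name)
    if pure.is_absolute() or (len(name) > 1 and name[1] == ":"):
        raise ImportRejected(f"absolute path not allowed: {entry_name!r}")
    if not pure.parts or any(part in ("..", ".") for part in pure.parts):
        raise ImportRejected(f"traversal or empty component in {entry_name!r}")
    root = import_root.resolve()
    target = (root / pure).resolve()
    if root not in target.parents:
        raise ImportRejected(f"escapes import root: {entry_name!r}")
    return target


def import_entry(import_root: Path, entry_name: str, data: bytes) -> Path:
    """Write one imported entry. O_EXCL turns an existing file (including a
    critical internal file) into FileExistsError instead of a silent clobber;
    O_NOFOLLOW, where the OS has it, refuses to write through a symlink; a
    failed write is removed so no partial file is left under the final name."""
    target = resolve_import_target(import_root, entry_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    except BaseException:
        target.unlink(missing_ok=True)
        raise
    return target


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(app_root: Path, critical_files) -> dict:
    """Record the hash of each critical file. Keep the result somewhere the
    import process cannot write (another user, or a signed manifest)."""
    return {rel: sha256_file(app_root / rel) for rel in critical_files}


def verify_baseline(app_root: Path, baseline: dict) -> list:
    """Return the critical files that are missing or whose hash has changed."""
    changed = []
    for rel, digest in baseline.items():
        p = app_root / rel
        if not p.is_file() or sha256_file(p) != digest:
            changed.append(rel)
    return changed


CRITICAL_FILES = ["config.json"]  # assumed name; the page does not list the real files


def demo() -> dict:
    """Walk the checks through a constructed app directory and report each outcome."""
    app = Path(tempfile.mkdtemp(prefix="import_demo_"))
    try:
        import_root = app / "imports"
        import_root.mkdir()
        (app / "config.json").write_bytes(b'{"debug": false}\n')  # constructed critical file
        baseline = build_baseline(app, CRITICAL_FILES)
        out = {}
        # Traversal-style names are refused before anything touches the disk.
        for bad in ("../config.json", "/etc/passwd", "..\\config.json",
                    "x/../../config.json", "C:/Windows/win.ini", "."):
            try:
                resolve_import_target(import_root, bad)
                out[bad] = "accepted"
            except ImportRejected:
                out[bad] = "rejected"
        # A legitimate name lands inside the import root.
        written = import_entry(import_root, "readings/2026-02.csv", b"card,meaning\n")
        out["legit_inside_root"] = import_root.resolve() in written.parents
        # Re-importing the same name cannot clobber the first copy.
        try:
            import_entry(import_root, "readings/2026-02.csv", b"tampered\n")
            out["second_write"] = "overwrote"
        except FileExistsError:
            out["second_write"] = "refused"
        out["clean_verify"] = verify_baseline(app, baseline)
        # Simulate what an unvalidated import would do, then let the integrity check catch it.
        (app / "config.json").write_bytes(b'{"debug": true}\n')
        out["tampered_verify"] = verify_baseline(app, baseline)
        return out
    finally:
        shutil.rmtree(app, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The name check and the O_EXCL create are the in-process half of the prevent controls; running the import under an account that has no write permission to the application's own files is the operating-system half, and the baseline comparison is the detect control. The checks are ordered so that every rejection happens before the first filesystem write.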

Security Summary (AI)

CVE-2025-69618, published on 2026-02-04, is an arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0. It enables attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information. The vulnerability carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) and is linked to CWE-22, with additional mapping to NVD-CWE-noinfo.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction. By supplying crafted file names or contents to the import process, they can overwrite critical internal files. The CVSS vector rates the impact on confidentiality and integrity as Low and on availability as None; if an overwrite can actually be turned into code execution, as the description allows, the practical impact is higher than that vector reflects, so treat the 6.5 base score as a floor when prioritising.

Advisories and further details are available in the following references: http://coto.com, https://coto.world/, https://github.com/Secsys-FDU/AF_CVEs/issues/9, and https://secsys.fudan.edu.cn/. Security practitioners should consult these for patch information or mitigation guidance specific to Tarot, Astro & Healing v11.4.0.

Details

CWE(s)

CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal'); also mapped to NVD-CWE-noinfo

Affected Products

Vendor: coto.world
Product: coto (Tarot, Astro & Healing)
Version: 11.4.0

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerable file import process is reachable remotely and without authentication in a public-facing application, so exploiting the arbitrary file overwrite is an instance of T1190, with code execution or information disclosure as the initial access outcome.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

http://coto.com
https://coto.world/
https://github.com/Secsys-FDU/AF_CVEs/issues/9
https://secsys.fudan.edu.cn/