CVE-2025-53964

CRITICAL

GoldenDict <1.5.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-53964. PoCs published by tigr78.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2025-53964, a vulnerability in GoldenDict 1.5.0 and 1.5.1 that allows remote attackers to read and modify files via a crafted XDXF dictionary. The writeup includes a proof-of-concept demonstrating how malicious JavaScript embedded in an XDXF dictionary can exfiltrate file contents and modify local files.

Description

GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.

Exploits (1)

nomisec WRITEUP
by tigr78 · poc
https://github.com/tigr78/CVE-2025-53964

The repository provides a detailed technical analysis of CVE-2025-53964, a vulnerability in GoldenDict 1.5.0 and 1.5.1 that allows remote attackers to read and modify files via a crafted XDXF dictionary. The writeup includes a proof-of-concept demonstrating how malicious JavaScript embedded in an XDXF dictionary can exfiltrate file contents and modify local files.

Classification
Writeup 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: GoldenDict 1.5.0, 1.5.1
No auth needed
Prerequisites: User interaction to add a malicious dictionary and search for a specific term
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory
https://github.com/tigr78/CVE-2025-53964

Scores

CVSS v3 9.6
EPSS 0.0041
EPSS Percentile 32.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-749
Status published
Products (2)
goldendict/goldendict 1.5.0
goldendict/goldendict 1.5.1
Published Jul 17, 2025
Tracked Since Feb 18, 2026