CVE-2025-69618
MEDIUMcoto.world/coto 11.4.0 - Arbitrary File Overwrite via File Import Process
Title source: llmDescription
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
References (4)
Core 4
Core References
Broken Link
http://coto.com
Product
https://coto.world/
Exploit, Third Party Advisory
https://github.com/Secsys-FDU/AF_CVEs/issues/9
Not Applicable
https://secsys.fudan.edu.cn/
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
25.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
coto.world/coto
11.4.0
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026