Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
asbplayer v1.13.0: Malicious Subtitle Upload Can Execute Code
CVE-2025-69771
Summary
A security issue in asbplayer v1.13.0 allows attackers to upload a subtitle file that can run unauthorized code on a website. This can lead to malicious actions, such as stealing user data or taking control of the website. Update to the latest version of asbplayer to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| killergerbah | asbplayer | <= 1.13.0 | – |
Original title
An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file.
Original description
An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file.
nvd CVSS3.1
9.6
Vulnerability type
CWE-434
Unrestricted File Upload
- http://chrome.com Not Applicable
- http://killergerbah.com Broken Link
- https://reve-offensive.tistory.com/35 Third Party Advisory
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026