📄 Description (English)
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
🤖 AI Executive Summary
CVE-2026-25636 is a critical path traversal vulnerability in Calibre e-book manager versions 9.1.0 and earlier that allows attackers to corrupt arbitrary files through malicious EPUB files during conversion. The vulnerability exploits improper handling of CipherReference URIs in encryption.xml, enabling write access outside the intended extraction directory. This poses significant risk to organizations using Calibre for document processing, particularly in government and educational sectors. Patch to version 9.2.0 is immediately available.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 25, 2026 12:18
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi government entities, educational institutions, and research organizations that utilize Calibre for e-book management and conversion. The National Center for Cybersecurity (NCA) and government document processing centers face elevated risk due to potential corruption of sensitive administrative documents. Educational institutions and universities using Calibre for academic content management are also vulnerable. The vulnerability could enable attackers to corrupt critical system files or administrative documents, leading to operational disruption. Organizations in the publishing and media sectors using Calibre for content distribution are at moderate risk.
🏢 Affected Saudi Sectors
Government
Education
Publishing
Research Institutions
Media and Broadcasting
Archives and Libraries
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Calibre versions 9.1.0 and earlier using asset inventory tools
2. Restrict EPUB file uploads and conversions until patching is complete
3. Implement file access controls to limit Calibre process permissions to specific directories
4. Monitor file modification logs for suspicious activity in Calibre working directories
PATCHING GUIDANCE:
1. Upgrade Calibre to version 9.2.0 or later immediately
2. Test patches in non-production environments before deployment
3. Verify patch installation by checking version numbers post-update
4. Restart all Calibre services and dependent applications
COMPENSATING CONTROLS (if immediate patching not possible):
1. Disable EPUB conversion functionality until patched
2. Run Calibre processes with minimal file system permissions using OS-level access controls
3. Isolate Calibre instances in sandboxed environments or containers
4. Implement strict input validation for EPUB files before processing
5. Use file integrity monitoring (FIM) tools to detect unauthorized file modifications
DETECTION RULES:
1. Monitor for Calibre processes accessing files outside designated working directories
2. Alert on META-INF/encryption.xml parsing with absolute path references
3. Track file write operations initiated by Calibre to system-critical directories
4. Log and alert on CipherReference URI resolution attempts pointing outside extraction paths
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل إصدارات Calibre 9.1.0 وما قبلها باستخدام أدوات جرد الأصول
2. تقييد تحميلات ملفات EPUB والتحويلات حتى اكتمال التصحيح
3. تنفيذ عناصر تحكم الوصول إلى الملفات لتحديد أذونات عملية Calibre في دلائل محددة
4. مراقبة سجلات تعديل الملفات للنشاط المريب في دلائل عمل Calibre
إرشادات التصحيح:
1. ترقية Calibre إلى الإصدار 9.2.0 أو أحدث فوراً
2. اختبار التصحيحات في بيئات غير الإنتاج قبل النشر
3. التحقق من تثبيت التصحيح بفحص أرقام الإصدارات بعد التحديث
4. إعادة تشغيل جميع خدمات Calibre والتطبيقات التابعة
عناصر التحكم البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تعطيل وظيفة تحويل EPUB حتى يتم التصحيح
2. تشغيل عمليات Calibre بأقل صلاحيات نظام الملفات باستخدام عناصر تحكم الوصول على مستوى نظام التشغيل
3. عزل مثيلات Calibre في بيئات معزولة أو حاويات
4. تنفيذ التحقق الصارم من صحة ملفات EPUB قبل المعالجة
5. استخدام أدوات مراقبة سلامة الملفات (FIM) للكشف عن التعديلات غير المصرح بها
قواعد الكشف:
1. مراقبة عمليات Calibre التي تصل إلى الملفات خارج دلائل العمل المخصصة
2. التنبيه على تحليل META-INF/encryption.xml مع مراجع المسار المطلق
3. تتبع عمليات كتابة الملفات التي يبدأها Calibre في الدلائل الحرجة للنظام
4. تسجيل والتنبيه على محاولات دقة CipherReference URI التي تشير خارج مسارات الاستخراج
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies (file system access restrictions)
ECC 2024 A.5.2.1 - User Registration and Access Rights Management
ECC 2024 A.12.4.1 - Event Logging (monitoring file modifications)
ECC 2024 A.12.4.3 - Protection of Log Information
ECC 2024 A.14.2.1 - Secure Development Policy (input validation)
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Asset Management (inventory of Calibre installations)
SAMA CSF PR.AC-1 - Access Control (principle of least privilege for Calibre processes)
SAMA CSF PR.AC-3 - Access Enforcement (file system permissions)
SAMA CSF DE.CM-1 - Detection Processes (monitoring for unauthorized file access)
SAMA CSF RS.MI-2 - Incident Response (containment of affected systems)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.3 - Segregation of Duties
ISO 27001:2022 A.8.1.1 - Screening (secure software procurement)
ISO 27001:2022 A.8.2.3 - Segregation of Development, Test and Production Environments
ISO 27001:2022 A.12.2.1 - Audit Logging (file access monitoring)
ISO 27001:2022 A.14.2.1 - Secure Development Policy
🔗 References & Sources 3
🔗
https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726
security-advisories@github.com
Patch
🔗
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
security-advisories@github.com
Exploit
Third Party Advisory
🔗
https://0x5t.raptx.org/posts/calibre-epub-rce
af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
📦 Affected Products / CPE 1 entries
calibre-ebook:calibre