CVE-2025-5455

Published Jun 2, 2025

Last updated a month ago

CVSS high 8.4

Overview

Description
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.
Source
a59d8014-47c4-4630-ab43-e1b13cbe58e3
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:Clear
Severity
HIGH

Weaknesses

a59d8014-47c4-4630-ab43-e1b13cbe58e3
CWE-20

Social media

Hype score
Not currently trending

  1. URGENT: #Fedora 42’s Qt6 has a critical DoS flaw (CVE-2025-5455). Patch via: su -c 'dnf upgrade --advisory FEDORA-2025-c546fd3f09' Read more: 👇 https://t.co/KbQDtSrLt0 #Linux #CyberSecurity https://t.co/Tna7s6TM9u

    @Cezar_H_Linux

    12 Jun 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ‼️ #Fedora42 Alert: Qt6-QtSerialBus DoS flaw (CVE-2025-5455) fixed in Qt 6.9.1. Attackers can crash systems via CAN/ModBus packets. Patch: sudo dnf upgrade --advisory FEDORA-2025-c546fd3f09 Read more:👇 https://t.co/F5pqw3JcbM #LinuxSecurity #IoT https://t.co/bcXL9DreMT

    @Cezar_H_Linux

    12 Jun 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-5455 An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the fun… https://t.co/1sJ43ueiMf

    @CVEnew

    2 Jun 2025

    416 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-5455: HIGH] Critical security vulnerability patched in Qt versions 5.15.19, 6.5.9, 6.8.4, and 6.9.1. Attackers could trigger a denial of service through a malcrafted URL. Update now!#cve,CVE-2025-5455,#cybersecurity https://t.co/cSnEeeBecJ https://t.co/OjtjHxVV1E

    @CveFindCom

    2 Jun 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.