vulnerability
FreeBSD: VID-43ae57f6-92ab-11ec-81b4-2cf05d620ecc (CVE-2022-25255): Qt5 -- QProcess unexpected search path
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Feb 21, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Feb 21, 2022
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
The Qt Company reports: Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal. Specifically, the problem is around using QProcess to start an application without having an absolute path, and as a result, it depends on it finding it in the PATH environment variable. As a result, it may be possible for an attacker to place their copy of the executable in question inside the working/current directory for the QProcess and have it invoked that instead.
Solution
freebsd-upgrade-package-qt5-core
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.