vulnerability
Ubuntu: (CVE-2022-25255): qtbase-opensource-src vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Feb 16, 2022 | Jun 26, 2025 | Jun 26, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Feb 16, 2022
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Solution
no-fix-ubuntu-package
References
- CVE-2022-25255
- https://attackerkb.com/topics/CVE-2022-25255
- URL-https://codereview.qt-project.org/c/qt/qtbase/+/393113
- URL-https://codereview.qt-project.org/c/qt/qtbase/+/394914
- URL-https://codereview.qt-project.org/c/qt/qtbase/+/396020
- URL-https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff
- URL-https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff
- URL-https://www.cve.org/CVERecord?id=CVE-2022-25255
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.