UBUNTU-CVE-2025-4211

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-4211

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-4211.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-4211

Related

CVE-2025-4211

Published

2025-05-16T14:15:00Z

Modified

2025-05-21T16:49:45Z

Summary

[none]

Details

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt Framework is QDir::tempPath() and anything that uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and QTemporaryFile.This issue affects all version of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, 6.9.0

References

Affected packages

Ubuntu:Pro:16.04:LTS / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.5.1+dfsg-16ubuntu7.7?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-2ubuntu9

5.5.1+dfsg-6ubuntu4

5.5.1+dfsg-10ubuntu2

5.5.1+dfsg-13ubuntu1

5.5.1+dfsg-13ubuntu2

5.5.1+dfsg-13ubuntu3

5.5.1+dfsg-14ubuntu1

5.5.1+dfsg-14ubuntu2

5.5.1+dfsg-14ubuntu3

5.5.1+dfsg-15ubuntu1

5.5.1+dfsg-16ubuntu1

5.5.1+dfsg-16ubuntu6

5.5.1+dfsg-16ubuntu7

5.5.1+dfsg-16ubuntu7.1

5.5.1+dfsg-16ubuntu7.2

5.5.1+dfsg-16ubuntu7.5

5.5.1+dfsg-16ubuntu7.6

5.5.1+dfsg-16ubuntu7.7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/ubuntu/qtbase-opensource-src-gles@5.5.1+dfsg-16ubuntu6?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-2ubuntu9

5.5.1+dfsg-6ubuntu1

5.5.1+dfsg-10ubuntu1

5.5.1+dfsg-13ubuntu1

5.5.1+dfsg-13ubuntu2

5.5.1+dfsg-13ubuntu3

5.5.1+dfsg-14ubuntu1

5.5.1+dfsg-14ubuntu2

5.5.1+dfsg-14ubuntu3

5.5.1+dfsg-15ubuntu1

5.5.1+dfsg-16ubuntu1

5.5.1+dfsg-16ubuntu4

5.5.1+dfsg-16ubuntu5

5.5.1+dfsg-16ubuntu6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.9.5+dfsg-0ubuntu2.6?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-10ubuntu1

5.9.1+dfsg-10ubuntu2

5.9.2+dfsg-4ubuntu6

5.9.3+dfsg-0ubuntu1

5.9.3+dfsg-0ubuntu3

5.9.3+dfsg-0ubuntu4

5.9.4+dfsg-0ubuntu3

5.9.4+dfsg-0ubuntu4

5.9.5+dfsg-0ubuntu1

5.9.5+dfsg-0ubuntu2

5.9.5+dfsg-0ubuntu2.1

5.9.5+dfsg-0ubuntu2.3

5.9.5+dfsg-0ubuntu2.4

5.9.5+dfsg-0ubuntu2.5

5.9.5+dfsg-0ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.12.8+dfsg-0ubuntu2.1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-4ubuntu1

5.12.5+dfsg-2

5.12.5+dfsg-8

5.12.5+dfsg-8build1

5.12.5+dfsg-9build1

5.12.8+dfsg-0ubuntu1

5.12.8+dfsg-0ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/ubuntu/qtbase-opensource-src-gles@5.12.8+dfsg-0ubuntu1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.12.4+dfsg-1build1

5.12.5+dfsg-1

5.12.5+dfsg-2

5.12.8+dfsg-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qt6-base

Package

Name: qt6-base
Purl: pkg:deb/ubuntu/qt6-base@6.2.4+dfsg-2ubuntu1.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.2.2+dfsg-5ubuntu1

6.2.2+dfsg-6ubuntu1

6.2.2+dfsg-6ubuntu2

6.2.4+dfsg-1ubuntu1

6.2.4+dfsg-2ubuntu1

6.2.4+dfsg-2ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.15.3+dfsg-2ubuntu0.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-12

5.15.2+dfsg-13

5.15.2+dfsg-14

5.15.2+dfsg-14ubuntu1

5.15.2+dfsg-14ubuntu3

5.15.2+dfsg-15

5.15.3+dfsg-1

5.15.3+dfsg-2

5.15.3+dfsg-2ubuntu0.1

5.15.3+dfsg-2ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/ubuntu/qtbase-opensource-src-gles@5.15.3+dfsg-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.2+dfsg-4

5.15.2+dfsg-5

5.15.3+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qt6-base

Package

Name: qt6-base
Purl: pkg:deb/ubuntu/qt6-base@6.6.2+dfsg-12?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2+dfsg-21.1build5

6.6.2+dfsg-7

6.6.2+dfsg-8

6.6.2+dfsg-9

6.6.2+dfsg-10

6.6.2+dfsg-11

6.6.2+dfsg-12

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.15.15+dfsg-1ubuntu1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.13+dfsg-1ubuntu1

5.15.13+dfsg-4ubuntu1

5.15.15+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/ubuntu/qtbase-opensource-src-gles@5.15.15+dfsg-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.13+dfsg-1

5.15.13+dfsg-2

5.15.15+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qt6-base

Package

Name: qt6-base
Purl: pkg:deb/ubuntu/qt6-base@6.4.2+dfsg-21.1build5?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.2+dfsg-18

6.4.2+dfsg-19

6.4.2+dfsg-19build1

6.4.2+dfsg-20

6.4.2+dfsg-21

6.4.2+dfsg-21.1build4

6.4.2+dfsg-21.1build5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.15.13+dfsg-1ubuntu1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10+dfsg-3

5.15.10+dfsg-5

5.15.10+dfsg-5ubuntu1

5.15.12+dfsg-1ubuntu1

5.15.12+dfsg-3ubuntu1

5.15.12+dfsg-3ubuntu6

5.15.12+dfsg-3ubuntu7

5.15.13+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/ubuntu/qtbase-opensource-src-gles@5.15.13+dfsg-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10+dfsg-2

5.15.10+dfsg-3

5.15.12+dfsg-1

5.15.12+dfsg-1ubuntu1

5.15.12+dfsg-1ubuntu2

5.15.13+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / qt6-base

Package

Name: qt6-base
Purl: pkg:deb/ubuntu/qt6-base@6.8.3+dfsg-0ubuntu2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.6.2+dfsg-12

6.7.2+dfsg-3

6.8.1+dfsg-0ubuntu1

6.8.1+dfsg-0ubuntu2

6.8.1+dfsg-0ubuntu4

6.8.2+dfsg-0ubuntu2

6.8.2+dfsg-5

6.8.3+dfsg-0ubuntu1

6.8.3+dfsg-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / qtbase-opensource-src

Package

Name: qtbase-opensource-src
Purl: pkg:deb/ubuntu/qtbase-opensource-src@5.15.15+dfsg-4ubuntu1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-1ubuntu1

5.15.15+dfsg-1ubuntu2

5.15.15+dfsg-4ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / qtbase-opensource-src-gles

Package

Name: qtbase-opensource-src-gles
Purl: pkg:deb/ubuntu/qtbase-opensource-src-gles@5.15.15+dfsg-2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.15+dfsg-1

5.15.15+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}