CVE-2025-30348 - Vulnerability Details - OpenCVE

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Qt	Qt

Configuration 1 [-]

OR	cpe:2.3:a:qt:qt::::::::
	cpe:2.3:a:qt:qt::::::::
	cpe:2.3:a:qt:qt::::::::

No data.

References

Link	Providers
https://codereview.qt-project.org/c/qt/qtbase/+/581442

History

Mon, 24 Mar 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qt Qt qt
CPEs		cpe:2.3:a:qt:qt::::::::
Vendors & Products		Qt Qt qt

Fri, 21 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 21 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
Description		encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
Weaknesses		CWE-407
References		https://codereview.qt-project.org/c/qt/qtbase/+/581442
Metrics		cvssV3_1 `{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-03-21T00:00:00.000Z

Updated: 2025-03-21T15:51:56.127Z

Reserved: 2025-03-21T00:00:00.000Z

Link: CVE-2025-30348

Vulnrichment

Updated: 2025-03-21T15:51:51.823Z

NVD

Status : Analyzed

Published: 2025-03-21T07:15:37.673

Modified: 2025-03-24T14:08:36.513

Link: CVE-2025-30348

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-30348", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-21T15:51:56.127Z", "dateReserved": "2025-03-21T00:00:00.000Z", "datePublished": "2025-03-21T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Qt", "vendor": "Qt", "versions": [{"lessThan": "5.15.19", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "6.5.9", "status": "affected", "version": "6.0.0", "versionType": "semver"}, {"lessThan": "6.8.0", "status": "affected", "version": "6.6.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "description": "CWE-407 Inefficient Algorithmic Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-21T06:54:16.026Z"}, "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/581442"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.19"}, {"vulnerable": true, "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0.0", "versionEndExcluding": "6.5.9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.0", "versionEndExcluding": "6.8.0"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-21T15:51:38.091847Z", "id": "CVE-2025-30348", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T15:51:56.127Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30348", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-21T15:51:38.091847Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T15:51:51.823Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}}], "affected": [{"vendor": "Qt", "product": "Qt", "versions": [{"status": "affected", "version": "0", "lessThan": "5.15.19", "versionType": "semver"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.5.9", "versionType": "semver"}, {"status": "affected", "version": "6.6.0", "lessThan": "6.8.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/581442"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-407", "description": "CWE-407 Inefficient Algorithmic Complexity"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.19"}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.5.9", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.0", "versionStartIncluding": "6.6.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-21T06:54:16.026Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30348", "state": "PUBLISHED", "dateUpdated": "2025-03-21T15:51:56.127Z", "dateReserved": "2025-03-21T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-21T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE4D111C-B1A7-4A17-AA3D-4A7F81D81F82", "versionEndExcluding": "5.15.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2052B596-AF66-4AB5-9353-7DF480123D7B", "versionEndExcluding": "6.5.9", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F90A01A-9D6A-4094-A589-D1188D83C9FE", "versionEndExcluding": "6.8.0", "versionStartIncluding": "6.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data)."}, {"lang": "es", "value": "encodeText en QDom en Qt anterior a 6.8.0 tiene un algoritmo complejo que implica la copia de una cadena XML y el reemplazo en l\u00ednea de partes de una cadena (con reubicaci\u00f3n de datos posteriores)."}], "id": "CVE-2025-30348", "lastModified": "2025-03-24T14:08:36.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-21T07:15:37.673", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/581442"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "cve@mitre.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-407"}], "source": "nvd@nist.gov", "type": "Primary"}]}