PT-2022-1644 · Qt Company+10 · Qt+10
Published: 2022-02-16 · Updated: 2026-03-05
CVE-2022-25255
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qt versions 5.9.x through 5.15.x before 5.15.9
Qt versions 6.x before 6.2.4
Description
The issue is in QProcess in Qt: on Linux and UNIX systems, when the requested program was not found in the PATH, QProcess could execute a binary with that name from the current working directory. This could potentially allow a remote attacker to execute arbitrary code, because the pathname is not properly limited to a restricted directory.
Recommendations
For Qt versions 5.9.x through 5.15.x before 5.15.9, update to version 5.15.9 or later to resolve the issue.
For Qt versions 6.x before 6.2.4, update to version 6.2.4 or later to resolve the issue.
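The lookup rule from the description, seen from the caller's side. This is an added example, not Qt's code or its patch: a hypothetical helper, `resolve_strict`, resolves a program name only against absolute PATH directories and never against the working directory, so a caller can start an absolute path or fail. It uses plain POSIX calls and no Qt API.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// True if `path` is a regular file the current user may execute.
static bool is_executable_file(const std::string &path) {
    struct stat st;
    return ::stat(path.c_str(), &st) == 0 && S_ISREG(st.st_mode) &&
           ::access(path.c_str(), X_OK) == 0;
}

// Hypothetical helper: resolve `name` using only the absolute directories
// listed in `path_env`. Returns "" when nothing qualifies.
std::string resolve_strict(const std::string &name, const std::string &path_env) {
    if (name.empty()) return "";
    if (name.find('/') != std::string::npos) {
        // Explicit path: accept only absolute ones, never "./tool" or "dir/tool".
        return (name[0] == '/' && is_executable_file(name)) ? name : "";
    }
    std::string::size_type start = 0;
    while (start <= path_env.size()) {
        std::string::size_type end = path_env.find(':', start);
        if (end == std::string::npos) end = path_env.size();
        std::string dir = path_env.substr(start, end - start);
        start = end + 1;
        // Empty and relative entries ("", ".", "bin") all resolve against the
        // working directory, so they are skipped.
        if (dir.empty() || dir[0] != '/') continue;
        std::string candidate = dir + "/" + name;
        if (is_executable_file(candidate)) return candidate;
    }
    return "";  // Not found: the caller must fail, not retry with the bare name.
}

int main(int argc, char **argv) {
    const char *path = std::getenv("PATH");
    std::string hit = resolve_strict(argc > 1 ? argv[1] : "sh", path ? path : "");
    std::printf("%s\n", hit.empty() ? "(not in PATH, refusing to run)" : hit.c_str());
    return hit.empty() ? 1 : 0;
}
```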
Fix
Path traversal
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Qt
Red Hat
Rocky Linux
SUSE
Ubuntu