Improper Link Resolution Vulnerability in Qt Framework by The Qt Company
CVE-2025-4211
What is CVE-2025-4211?
This vulnerability in the Qt Framework's QFileSystemEngine on Windows is an improper link resolution before file access. By abusing the GetTempPath API, an attacker can manipulate temporary file paths to potentially perform symlink attacks or access malicious files. The flaw is significant because it enables unauthorized access and could lead to privilege escalation. It affects public APIs such as QDir::tempPath() and related components such as QTemporaryDir and QTemporaryFile. The issue has been addressed in subsequent releases, so users of the affected versions should update to the latest release.

Affected Version(s)
Qt Windows 0 <= 5.15.18
Qt Windows 6.0.0 <= 6.5.8
Qt Windows 6.6.0 <= 6.8.1
