Improper Link Resolution Before File Access ('Link Following') vulnerability in
QFileSystemEngine in the Qt corelib module on Windows potentially allows
Symlink Attacks and the use of Malicious Files. This vulnerability has been
discovered and assigned the CVE ID CVE-2025-4211. The issue originates from
CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API,
which can be exploited by attackers to manipulate temporary file paths,
potentially leading to unauthorized access and privilege escalation. The
affected public API in the Qt Framework is QDir::tempPath() and anything that
uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and
QTemporaryFile.
Affected versions:
All versions of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, and
from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, and
Qt 6.9.0.
Impact:
The vulnerability allows attackers to influence the temporary file path
resolution, which can lead to elevation of privilege. This can be particularly
dangerous if exploited by unprivileged users to gain higher-level access or
execute arbitrary code with elevated permissions.
Attack Vectors:
An attacker with local access can exploit symbolic link attacks. The default
temporary directory for system/privileged processes allows regular unprivileged
users to create files, including following symlinks, and thus place privileged
files and directories where they shouldn't be.
Vulnerability Score:
CVSS v4.0: 7.3
Solution: Apply the matching patch below, or update to Qt 6.9.0, 6.8.2, 6.5.9
or 5.15.19.
Patches:
6.8: https://codereview.qt-project.org/c/qt/qtbase/+/635127 or
https://download.qt.io/official_releases/qt/6.8/CVE-2025-4211-qtbase-6.8.diff
6.5: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/635259 or
https://download.qt.io/official_releases/qt/6.5/CVE-2025-4211-qtbase-6.5.diff
5.15: https://codereview.qt-project.org/c/qt/tqtc-qtbase/+/635550 or
https://download.qt.io/official_releases/qt/5.15/CVE-2025-4211-qtbase-5.15.diff
______________________
Tuukka Kettunen
Senior Manager, Technical Support
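
The following is an added example, not part of the original announcement and not Qt project code: a small triage helper that classifies a Qt version string (the form qVersion() returns) against the affected ranges and fixed releases listed above. The names classify and upgradeTarget are hypothetical; a build carrying one of the backported patches will still be reported as affected because only the version number is examined.

```cpp
#include <cstdio>
#include <string>
#include <tuple>

using Version = std::tuple<int, int, int>;
enum class Status { Affected, NotAffected, Unknown };
struct Range { Version first, last; };  // inclusive on both ends

// Affected ranges and fixed releases exactly as listed in the advisory text.
static const Range kAffected[] = {
    {Version{0, 0, 0}, Version{5, 15, 18}},
    {Version{6, 0, 0}, Version{6, 5, 8}},
    {Version{6, 6, 0}, Version{6, 8, 1}}};
static const Version kFixed[] = {  // sorted ascending
    Version{5, 15, 19}, Version{6, 5, 9}, Version{6, 8, 2}, Version{6, 9, 0}};

// Accept only plain "major.minor.patch"; anything else is rejected.
bool parseQtVersion(const std::string &s, Version &out) {
    int a = 0, b = 0, c = 0;
    char extra = 0;
    if (std::sscanf(s.c_str(), "%d.%d.%d%c", &a, &b, &c, &extra) != 3) return false;
    if (a < 0 || b < 0 || c < 0) return false;
    out = Version{a, b, c};
    return true;
}

Status classify(const std::string &s) {
    Version v;
    if (!parseQtVersion(s, v)) return Status::Unknown;  // never guess on odd input
    for (const Range &r : kAffected)
        if (v >= r.first && v <= r.last) return Status::Affected;
    return Status::NotAffected;
}

// Lowest fixed release from the advisory that is newer than an affected version.
std::string upgradeTarget(const std::string &s) {
    Version v;
    if (classify(s) != Status::Affected || !parseQtVersion(s, v)) return "";
    for (const Version &f : kFixed)
        if (f > v)
            return std::to_string(std::get<0>(f)) + "." + std::to_string(std::get<1>(f)) +
                   "." + std::to_string(std::get<2>(f));
    return "";
}

int main() {
    const char *samples[] = {"5.15.18", "6.5.9", "6.7.3", "6.8.2", "dev"};  // constructed inputs
    for (const char *s : samples) {
        Status st = classify(s);
        const char *label = st == Status::Affected ? "AFFECTED"
                          : st == Status::NotAffected ? "not affected" : "unknown";
        std::printf("%-8s %-12s %s\n", s, label, upgradeTarget(s).c_str());
    }
}
```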
_______________________________________________
Announce mailing list
[email protected]
https://lists.qt-project.org/listinfo/announce