CVE-2025-4211

Name	CVE-2025-4211
Description	Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt Framework is QDir::tempPath() and anything that uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and QTemporaryFile.This issue affects all version of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, 6.9.0
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
qt6-base (PTS)	bookworm	6.4.2+dfsg-10	fixed
	sid, trixie	6.8.2+dfsg-6	fixed
qtbase-opensource-src (PTS)	bullseye	5.15.2+dfsg-9+deb11u1	fixed
	bookworm	5.15.8+dfsg-11+deb12u3	fixed
	sid, trixie	5.15.15+dfsg-5	fixed
qtbase-opensource-src-gles (PTS)	bullseye	5.15.2+dfsg-4	fixed
	bookworm	5.15.8+dfsg-3	fixed
	sid, trixie	5.15.15+dfsg-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
qt6-base	source	(unstable)	(not affected)
qtbase-opensource-src	source	(unstable)	(not affected)
qtbase-opensource-src-gles	source	(unstable)	(not affected)

Notes

- qt6-base <not-affected> (Only affects Windows systems)
- qtbase-opensource-src <not-affected> (Only affects Windows systems)
- qtbase-opensource-src-gles <not-affected> (Only affects Windows systems)