CVE-2025-10729
Published 2025-10-03
Priority P339 · critical · 9.4 (CVSS 4.0)
EPSS: 0.20% (10.5th percentile)
The module will parse a `<pattern>` node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qt6-svg | — | — |
| debian | qtsvg-opensource-src | — | — |
| msrc | azl3_qtsvg_6.6.1-2_on_azure_linux_3.0 | — | — |
| msrc | cbl2_qt5-qtsvg_5.12.11-6_on_cbl_mariner_2.0 | — | — |
| the_qt_company | qt | 6.7.0 – 6.8.4 | — |
| the_qt_company | qt | 6.9.0 – 6.9.2 | — |
CVSS provenance
nvd · v4.0 · 9.4 CRITICAL · CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:H/U:Red
osv · 9.4 CRITICAL
vendor_debian · 9.4 CRITICAL
vendor_redhat · 9.4 CRITICAL
vendor_msrc · 9.3 CRITICAL
Microsoft
Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG
vendor_msrc·2025-10-14·CVSS 9.3
CVE-2025-10729 [CRITICAL] CWE-416 Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
TQtC: TQtC
Customer Action Required: Yes
Remediation: CBL-Mari
Red Hat
qtsvg: Use-after-free vulnerability in Qt SVG
vendor_redhat·2025-10-03·CVSS 9.4
CVE-2025-10729 [CRITICAL] CWE-416 qtsvg: Use-after-free vulnerability in Qt SVG
A use after free flaw has been discovered in the Qt SVG library. The `qsvghandler.cpp` module will parse a `<pattern>` node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Statement: Red Hat products incorporate the Qt SVG library for rendering SVGs to users and as such a user must interact with a malicious SVG file to trigger this vulnerability.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria compr
Debian
CVE-2025-10729: qt6-svg - The module will parse a <pattern> node which is not a child of a structural node...
vendor_debian·2025·CVSS 9.4
CVE-2025-10729 [CRITICAL] CVE-2025-10729: qt6-svg - The module will parse a <pattern> node which is not a child of a structural node...
The module will parse a `<pattern>` node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Scope: local
bookworm: open
forky: open
sid: open
trixie: open
OSV
CVE-2025-10729: The module will parse a `<pattern>` node which is not a child of a structural node
osv·2025-10-03·CVSS 9.4
CVE-2025-10729 [CRITICAL] CVE-2025-10729: The module will parse a `<pattern>` node which is not a child of a structural node
The module will parse a `<pattern>` node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
GHSA
GHSA-cprv-rgr4-v7vh: The module will parse a `<pattern>` node which is not a child of a structural node
ghsa_unreviewed·2025-10-03
CVE-2025-10729 [CRITICAL] CWE-416 GHSA-cprv-rgr4-v7vh: The module will parse a `<pattern>` node which is not a child of a structural node
The module will parse a `<pattern>` node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
blogs_bleepingcomputer·2025-10-14·CVSS 7.8
[HIGH] Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
Lawrence Abrams
80 Elevation of Privilege Vulnerabilities
11 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
28 Information Disclosure Vulnerabilities
11 Denial of Service Vulnerabilities
10 Spoofing Vulnerabilities
When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include those fixed in Azure, Mariner, Microsoft Edge, and other vulnerabilities earlier this month.
Notably, Windows 10 reaches the end of support today, with this being the last Patch Tuesday where Microsoft provides free security updates to the venerable operating system.
To continue receiving security upd
Bugzilla
CVE-2025-10729 qtsvg: Use-after-free vulnerability in Qt SVG
bugzilla·2025-10-03·CVSS 9.4
CVE-2025-10729 [CRITICAL] CVE-2025-10729 qtsvg: Use-after-free vulnerability in Qt SVG
The module will parse a `<pattern>` node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:19772 https://access.redhat.com/errata/RHSA-2025:19772
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2025:21037 https://access.redhat.com/errata/RHSA-2025:21037