cbcvebase.
CVE-2025-30348
published 2025-03-21

Priority: P4 · 25 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.34% (26.2th percentile)

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qt6-base | < qt6-base 6.8.2+dfsg-5 (forky) | qt6-base 6.8.2+dfsg-5 (forky) |
| debian | qtbase-opensource-src | < qt6-base 6.8.2+dfsg-5 (forky) | qt6-base 6.8.2+dfsg-5 (forky) |
| debian | qtbase-opensource-src-gles | < qt6-base 6.8.2+dfsg-5 (forky) | qt6-base 6.8.2+dfsg-5 (forky) |
| msrc | azl3_qtbase_6.6.3-3_on_azure_linux_3.0 | | |
| msrc | cbl2_qt5-qtbase_5.12.11-16_on_cbl_mariner_2.0 | | |
| qt | qt | < 5.15.19 | 5.15.19 |
| qt | qt | >= 6.0.0 < 6.5.9 | 6.5.9 |
| qt | qt | >= 6.6.0 < 6.8.0 | 6.8.0 |

CVSS provenance

nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
osv: 5.3 MEDIUM
vendor_debian: 5.8 MEDIUM
vendor_msrc: 5.8 MEDIUM