CVE-2025-6338: Incomplete Cleanup in QT Company QT

CWE-459: Incomplete Cleanup | 3 documents | 3 sources

Severity: 9.2 CRITICAL (NVD)
EPSS: 0.1% (top 71.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 16

Description

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages (2 packages)

CVEListV5 | the_qt_company/qt | 6.9.0 | 6.9.2 | +1

🔴 Vulnerability Details (1)

GHSA: GHSA-m4hj-jpxf-jhjp: There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period (2025-10-16)

📋 Vendor Advisories (1)

Debian: CVE-2025-6338: qt6-base - There is an incomplete cleanup vulnerability in Qt Network's Schannel support on... (2025)