CVE-2025-49091

Date: June 10, 2025

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from scheme handlers, such as an ssh://, telnet://, or rlogin:// URL. This handling runs regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where, if that binary is not available, Konsole falls back to using /bin/bash with the given arguments (i.e., the URL). This allows an attacker to execute arbitrary code.
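A host triage check for the condition described above, as an added example that is not part of the advisory or of the Konsole project: it flags a Konsole version before 25.04.2 and reports which of the ssh, telnet, and rlogin helpers are absent, since that absence is what triggers the /bin/bash fallback. The function names and the assumed `konsole --version` output format ("konsole <version>") are this example's own.

```shell
FIXED="25.04.2"   # fixed release named in the advisory above

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# has_binary NAME PATHLIST: succeed when NAME is an executable file on PATHLIST.
has_binary() {
    ( IFS=:
      for dir in $2; do
          [ -f "${dir:-.}/$1" ] && [ -x "${dir:-.}/$1" ] && exit 0
      done
      exit 1 )
}

# missing_handlers [PATHLIST]: print the URL-scheme helpers that are absent.
missing_handlers() {
    missing=""
    for bin in ssh telnet rlogin; do
        has_binary "$bin" "${1:-$PATH}" || missing="$missing $bin"
    done
    printf '%s\n' "${missing# }"
}

# assess VERSION [PATHLIST]: classify a host against the advisory's conditions.
assess() {
    [ -n "$1" ] || { echo "UNKNOWN: no Konsole version given"; return; }
    version_lt "$1" "$FIXED" || { echo "OK: $1 is not before $FIXED"; return; }
    gone=$(missing_handlers "${2:-$PATH}")
    if [ -n "$gone" ]; then
        echo "AFFECTED: $1, /bin/bash fallback reachable (missing: $gone)"
    else
        echo "AFFECTED: $1, helpers present, upgrade to $FIXED"
    fi
}

# Assumption: `konsole --version` prints "konsole <version>".
if command -v konsole >/dev/null 2>&1; then
    assess "$(konsole --version 2>/dev/null | awk '{print $NF; exit}')"
fi
```

Both AFFECTED results call for the upgrade; the first marks hosts where the fallback path is reachable because a helper binary is missing.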

Severity Score

Severity Score

Weakness Type (CWE)

Always-Incorrect Control Flow Implementation

CWE-670

Top Fix

Upgrade Version

Upgrade to version v25.04.2 (https://invent.kde.org/utilities/konsole.git)

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): LOW
