CVE-2025-55174
Publication date 26 November 2025
Last updated 26 November 2025
Ubuntu priority
CVSS 3 Severity Score
Description
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QIODevice::WriteOnly.
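The failure mode in the description, reproduced as an added example that is not Skanpage code: standard C++ streams stand in for QFile (an assumption so the block builds without Qt), where opening with in|out keeps existing bytes just as QIODevice::ReadWrite does, while a write-only open truncates as QIODevice::WriteOnly does for QFile. The file name and document contents are constructed.

```cpp
#include <cstdio>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Read a whole file back as bytes.
std::string slurp(const std::string& path) {
    std::ifstream in(path, std::ios::binary);
    return std::string(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
}

// Fixed pattern: write-only open, which truncates the old contents first.
void write_truncating(const std::string& path, const std::string& data) {
    std::ofstream out(path, std::ios::binary | std::ios::out | std::ios::trunc);
    out << data;
}

// Buggy pattern: read-write open keeps the existing bytes, so a shorter
// payload only overwrites the start of the file.
void overwrite_read_write(const std::string& path, const std::string& data) {
    std::fstream f(path, std::ios::binary | std::ios::in | std::ios::out);
    f << data;
}

// Seeds `path` with old_data, overwrites it with new_data using the chosen
// pattern, and returns whatever bytes remain after the new payload.
std::string leaked_tail(const std::string& path, const std::string& old_data,
                        const std::string& new_data, bool buggy) {
    write_truncating(path, old_data);
    if (buggy) overwrite_read_write(path, new_data);
    else write_truncating(path, new_data);
    const std::string result = slurp(path);
    if (result.size() <= new_data.size()) return "";
    return result.substr(new_data.size());  // stale remainder of the old file
}

int main() {
    const std::string path = "demo_scan_output.txt";  // hypothetical file name
    const std::string old_doc =                       // constructed sample
        "OLD-SCAN: account 0000-1111 statement, page 1 of 3\n";
    const std::string new_doc = "NEW-SCAN: blank page\n";  // constructed sample
    std::cout << "read-write leaves: " << leaked_tail(path, old_doc, new_doc, true);
    std::cout << "write-only leaves: [" << leaked_tail(path, old_doc, new_doc, false) << "]\n";
    std::remove(path.c_str());
    return 0;
}
```

The stale tail only appears when the new payload is shorter than the old file, which is why the resulting file can look correct at the start and still carry old data at the end.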
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| skanpage | 25.10 questing | Needs evaluation |
| | 25.04 plucky | Needs evaluation |
| | 24.04 LTS noble | Needs evaluation |
| | 22.04 LTS jammy | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-55174
- https://kde.org/info/security/advisory-20250811-1.txt
- https://commits.kde.org/skanpage/19308900da27b46739f2360426b91479e7179a2f (v25.07.90)
- https://github.com/KDE/skanpage/tags
- https://invent.kde.org/utilities/skanpage/-/commit/de3ad2941054a26920e022dc7c4a3dc16c065b5a