CVE-2025-55174
Publication date 26 November 2025
Last updated 26 November 2025
Ubuntu priority
Description
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| skanpage | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy | Not in release |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
3.2 · Low
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-55174
- https://kde.org/info/security/advisory-20250811-1.txt
- https://commits.kde.org/skanpage/19308900da27b46739f2360426b91479e7179a2f (v25.07.90)
- https://github.com/KDE/skanpage/tags
- https://invent.kde.org/utilities/skanpage/-/commit/de3ad2941054a26920e022dc7c4a3dc16c065b5a