KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a…
mitre·CWE-670·Published 2025-06-11
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from scheme handlers, such as an ssh://, telnet://, or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where, if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL). This allows an attacker to execute arbitrary code.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 8.2 | — | — | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L |
| 3.1 | Secondary | NVD | 8.2 | 1.6 | 6.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L |
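
A host-side check for the condition described above, as an added example that is not part of the original record or of KDE's code: it reports whether a given Konsole version is older than 25.04.2 and which of the ssh, telnet and rlogin clients are missing from the search path, since the /bin/bash fallback is taken only when the client binary is absent. The function names and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: exposure check for the Konsole URL-handler fallback described above.
# Function names are hypothetical; 25.04.2 is the fixed release named in the advisory.
FIXED_VERSION="25.04.2"

# version_lt A B: true when dotted numeric version A is strictly older than B.
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# missing_clients SEARCH_PATH: print the clients (of ssh, telnet, rlogin) that
# cannot be found on SEARCH_PATH, i.e. the schemes for which the fallback applies.
missing_clients() {
    missing=""
    for client in ssh telnet rlogin; do
        # Look the client up in a subshell so the caller's PATH is untouched.
        if ! ( PATH=$1; command -v "$client" ) >/dev/null 2>&1; then
            missing="${missing:+$missing }$client"
        fi
    done
    printf '%s' "$missing"
}

# assess VERSION SEARCH_PATH: one-line verdict; exit status 0 = fixed,
# 1 = vulnerable version but all clients present, 2 = fallback reachable.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        printf 'fixed: Konsole %s is at or above %s\n' "$1" "$FIXED_VERSION"
        return 0
    fi
    absent=$(missing_clients "$2")
    if [ -n "$absent" ]; then
        printf 'exposed: Konsole %s, fallback reachable for: %s\n' "$1" "$absent"
        return 2
    fi
    printf 'vulnerable version: Konsole %s, all three clients present\n' "$1"
    return 1
}

# Usage: sh check.sh 25.04.1   (pass the installed Konsole version)
if [ "$#" -gt 0 ]; then
    assess "$1" "$PATH"
fi
```

A status of 1 still calls for upgrading to 25.04.2 or later; it only means the missing-binary fallback is not reachable on that host as currently installed.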