Main Vulnerability Database SB2025081212

SB2025081212 - Information disclosure when overwriting files in KDE Skanpage

Published: August 12, 2025

Security Bulletin ID SB2025081212

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Numeric Truncation Error (CVE-ID: CVE-2025-55174)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to application does not properly overwrite large files. A remote attacker can trick the victim into overwriting an existing large file, which will lead to the file having contents of the new file at the beginning followed by partial contents of the old file at the end. Such application behavior can lead to information disclosure when the resultant file is shared with an untrusted third-party.

Remediation

Install update from vendor's website.

References

https://kde.org/info/security/advisory-20250811-1.txt