Main Vulnerability Database Vulnerabilities #VU110673

#VU110673 Input validation error in konsole - CVE-2025-49091

Published: June 9, 2025

Vulnerability identifier: #VU110673

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red

CVE-ID: CVE-2025-49091

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
konsole

Software vendor:
KDE.org

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of telnet://URL scheme. A remote attacker can trick the victim into clicking on a specially crafted URL and execute arbitrary console commands on the system with privileges of the current user.

The vulnerability affects installations without telnet client installed.

Remediation

Install updates from vendor's website.

As a temporary solution you can install the telnet client, or delete the file:
/usr/share/applications/ktelnetservice6.desktop

External links

https://kde.org/info/security/advisory-20250609-1.txt

#VU110673 Input validation error in konsole - CVE-2025-49091

Description

Remediation

External links

Please verify you're human