CVE-2025-49091

CVE-2025-49091

Name

CVE-2025-49091

Description

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75
cve@mitre.org	https://invent.kde.org/utilities/konsole/-/tags
cve@mitre.org	https://kde.org/info/security/advisory-20250609-1.txt
cve@mitre.org	https://konsole.kde.org/changelog.html
cve@mitre.org	https://proofnet.de/publikationen/konsole_rce.html
cve@mitre.org	https://www.openwall.com/lists/oss-security/2025/06/10/5
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/06/msg00019.html

Type

URI

cve@mitre.org

https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75

cve@mitre.org

https://invent.kde.org/utilities/konsole/-/tags

cve@mitre.org

https://kde.org/info/security/advisory-20250609-1.txt

cve@mitre.org

https://konsole.kde.org/changelog.html

cve@mitre.org

https://proofnet.de/publikationen/konsole_rce.html

cve@mitre.org

https://www.openwall.com/lists/oss-security/2025/06/10/5

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/06/msg00019.html

CPE URI	Source package	Min version	Max version
	konsole	>= 0	< 25.04.2

CPE URI

Source package

Min version

Max version

konsole

>= 0

< 25.04.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
konsole	edge-community	25.04.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	edge-community	24.12.3-r1	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	edge-community	24.12.3-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	edge-community	24.12.2-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	edge-community	24.12.1-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	edge-community	24.12.0-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	edge-community	24.08.3-r0	team/kde <bribbers@disroot.org>	possibly vulnerable
konsole	3.22-community	24.08.3-r0	team/kde <bribbers@disroot.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

konsole

edge-community

25.04.0-r0

team/kde <bribbers@disroot.org>

possibly vulnerable

konsole

edge-community