Description

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.

PUBLISHED Reserved 2025-01-10 | Published 2025-10-31 | Updated 2025-10-31 | Assigner mitre




LOW: 3.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status: unaffected

Any version before 5.15.19: affected

6.0.0 (custom) before 6.5.9: affected

6.6.0 (custom) before 6.8.2: affected

References

codereview.qt-project.org/q/QLowEnergyController

www.qt.io/...security-advisory-qlowenergycontroller-on-linux

cve.org (CVE-2025-23050)

nvd.nist.gov (CVE-2025-23050)
