CVE-2025-30348

一、漏洞信息
漏洞编号：CVE-2025-30348
漏洞归属组件：qt5-qtbase
漏洞归属的版本：5.15.10
CVSS V3.0分值：
BaseScore：5.3 Medium
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
漏洞简述：
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
漏洞公开时间：2025-03-21 15:15
漏洞创建时间：2025-04-02 18:00:06
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2025-30348

更多参考(点击展开)

参考来源	参考链接	来源链接
cve.mitre.org	https://codereview.qt-project.org/c/qt/qtbase/+/581442
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-30348	https://bugzilla.suse.com/show_bug.cgi?id=1239895
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2025-30348	https://bugzilla.suse.com/show_bug.cgi?id=1239895
suse_bugzilla	https://codereview.qt-project.org/c/qt/qtbase/+/581442	https://bugzilla.suse.com/show_bug.cgi?id=1239895
amazon_linux_explore	https://access.redhat.com/security/cve/CVE-2025-30348	https://explore.alas.aws.amazon.com/CVE-2025-30348.html
amazon_linux_explore	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30348	https://explore.alas.aws.amazon.com/CVE-2025-30348.html

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
其它
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://codereview.qt-project.org/c/qt/qtbase/+/581442		nvd

二、漏洞分析结构反馈
影响性分析说明：
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
openEuler评分：
5.3
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
受影响版本排查(受影响/不受影响)：
1.master(5.15.16):受影响
2.openEuler-20.03-LTS-SP4(5.11.1):受影响
3.openEuler-22.03-LTS-SP3(5.15.2):受影响
4.openEuler-22.03-LTS-SP4(5.15.2):受影响
5.openEuler-24.03-LTS(5.15.10):受影响
6.openEuler-24.03-LTS-Next(5.15.10):受影响
7.openEuler-24.03-LTS-SP1(5.15.10):受影响
8.openEuler-24.03-LTS-SP2(5.15.10):

修复是否涉及abi变化(是/否)：
1.master(5.15.16):否
2.openEuler-20.03-LTS-SP4(5.11.1):否
3.openEuler-22.03-LTS-SP3(5.15.2):否
4.openEuler-22.03-LTS-SP4(5.15.2):否
5.openEuler-24.03-LTS(5.15.10):否
6.openEuler-24.03-LTS-Next(5.15.10):否
7.openEuler-24.03-LTS-SP1(5.15.10):否
8.openEuler-24.03-LTS-SP2(5.15.10):

原因说明：
1.master(5.15.16):正常修复
2.openEuler-22.03-LTS-SP3(5.15.2):正常修复
3.openEuler-22.03-LTS-SP4(5.15.2):正常修复
4.openEuler-24.03-LTS(5.15.10):正常修复
5.openEuler-24.03-LTS-Next(5.15.10):正常修复
6.openEuler-24.03-LTS-SP1(5.15.10):正常修复
7.openEuler-20.03-LTS-SP4(5.11.1):暂不修复-暂无解决方案或补丁
8.openEuler-24.03-LTS-SP2(5.15.10):

/reason 机器人故障。

issue状态	操作者	原因
已拒绝	fundawang	机器人故障。

/fetch-cve

/get-cve

影响性分析说明：
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).
openEuler评分：
5.3
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

受影响版本排查(受影响/不受影响)：
1.master(5.15.10):受影响
2.openEuler-20.03-LTS-SP4(5.11.1):受影响
3.openEuler-22.03-LTS-SP3(5.15.2):受影响
4.openEuler-22.03-LTS-SP4(5.15.2):受影响
5.openEuler-24.03-LTS(5.15.10):受影响
6.openEuler-24.03-LTS-Next(5.15.10):受影响
7.openEuler-24.03-LTS-SP1(5.15.10):受影响

修复是否涉及abi变化(是/否)：
1.master(5.15.10):否
2.openEuler-20.03-LTS-SP4(5.11.1):否
3.openEuler-22.03-LTS-SP3(5.15.2):否
4.openEuler-22.03-LTS-SP4(5.15.2):否
5.openEuler-24.03-LTS(5.15.10):否
6.openEuler-24.03-LTS-Next(5.15.10):否
7.openEuler-24.03-LTS-SP1(5.15.10):否

原因说明：
1.master(5.15.10):正常修复
2.openEuler-20.03-LTS-SP4(5.11.1):暂不修复-暂无解决方案或补丁
3.openEuler-22.03-LTS-SP3(5.15.2):正常修复
4.openEuler-22.03-LTS-SP4(5.15.2):正常修复
5.openEuler-24.03-LTS(5.15.10):正常修复
6.openEuler-24.03-LTS-Next(5.15.10):正常修复
7.openEuler-24.03-LTS-SP1(5.15.10):正常修复

src-openEuler/qt5-qtbase

内容风险标识

评论 (10)

src-openEuler/qt5-qtbase .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-30348

评论 (10)

搜索帮助

src-openEuler/qt5-qtbase