{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-49091", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-06-18T00:12:14.361Z", "dateReserved": "2025-05-31T00:00:00.000Z", "datePublished": "2025-06-11T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Konsole", "vendor": "KDE", "versions": [{"lessThan": "25.04.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-11T00:32:09.368Z"}, "references": [{"url": "https://invent.kde.org/utilities/konsole/-/tags"}, {"url": "https://konsole.kde.org/changelog.html"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/10/5"}, {"url": "https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75"}, {"url": "https://kde.org/info/security/advisory-20250609-1.txt"}, {"url": "https://proofnet.de/publikationen/konsole_rce.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:39:14.341137Z", "id": "CVE-2025-49091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:40:13.765Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00019.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-18T00:12:14.361Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00019.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-06-18T00:12:14.361Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-11T13:39:14.341137Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:40:09.736Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L"}}], "affected": [{"vendor": "KDE", "product": "Konsole", "versions": [{"status": "affected", "version": "0", "lessThan": "25.04.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://invent.kde.org/utilities/konsole/-/tags"}, {"url": "https://konsole.kde.org/changelog.html"}, {"url": "https://www.openwall.com/lists/oss-security/2025/06/10/5"}, {"url": "https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75"}, {"url": "https://kde.org/info/security/advisory-20250609-1.txt"}, {"url": "https://proofnet.de/publikationen/konsole_rce.html"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670 Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-11T00:32:09.368Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49091", "state": "PUBLISHED", "dateUpdated": "2025-06-18T00:12:14.361Z", "dateReserved": "2025-05-31T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-06-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code."}, {"lang": "es", "value": "KDE Konsole anterior a la versi\u00f3n 25.04.2 permite la ejecuci\u00f3n remota de c\u00f3digo en ciertos escenarios. Admite la carga de URL desde los controladores de esquema, como ssh://, telnet:// o rlogin://. Esto se puede ejecutar independientemente de si el binario ssh, telnet o rlogin est\u00e1 disponible. En este modo, existe una ruta de c\u00f3digo donde, si ese binario no est\u00e1 disponible, Konsole recurre a /bin/bash para los argumentos proporcionados (es decir, la URL). Esto permite a un atacante ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2025-49091", "lastModified": "2025-06-18T01:15:28.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-06-11T01:15:20.547", "references": [{"source": "cve@mitre.org", "url": "https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75"}, {"source": "cve@mitre.org", "url": "https://invent.kde.org/utilities/konsole/-/tags"}, {"source": "cve@mitre.org", "url": "https://kde.org/info/security/advisory-20250609-1.txt"}, {"source": "cve@mitre.org", "url": "https://konsole.kde.org/changelog.html"}, {"source": "cve@mitre.org", "url": "https://proofnet.de/publikationen/konsole_rce.html"}, {"source": "cve@mitre.org", "url": "https://www.openwall.com/lists/oss-security/2025/06/10/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00019.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "konsole: Konsole Remote Code Execution Vulnerability", "id": "2371635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371635"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-670", "details": ["KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.", "A flaw was found in Konsole. The application's handling of URLs using scheme handlers like ssh://, telnet://, or rlogin:// allows a remote attacker to trigger arbitrary code execution. This issue occurs when a user opens a specially crafted URL, bypassing authentication checks. Consequently, a malicious URL can be used to execute commands on the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-49091", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "konsole", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-06-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-49091\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-49091\nhttps://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75\nhttps://invent.kde.org/utilities/konsole/-/tags\nhttps://kde.org/info/security/advisory-20250609-1.txt\nhttps://konsole.kde.org/changelog.html\nhttps://proofnet.de/publikationen/konsole_rce.html\nhttps://www.openwall.com/lists/oss-security/2025/06/10/5"], "statement": "This vulnerability was rated as an IMPORTANT vulnerability because the Konsole's handling of URLs containing scheme handlers such as ssh://, telnet://, or rlogin://. When a user opens a specially crafted URL, Konsole automatically processes the scheme without adequate validation or authentication enforcement. This behavior allows a remote attacker to craft malicious URLs that can trigger arbitrary command execution on the user\u2019s system, resulting in a severe compromise of system confidentiality, integrity, and availability.", "threat_severity": "Important"}

{}