CVE-2025-12385

Summary

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive.

This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Affected Software

VendorProductVersion RangeStatus
The Qt CompanyQt5.0.0 <= 6.5.10affected
The Qt CompanyQt6.6.0 <= 6.8.5affected
The Qt CompanyQt6.9.0 <= 6.10.0affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling
  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References