CVE-2025-23050

Summary

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.

Affected Software

VendorProductVersion RangeStatus
QtQt0 < 5.15.19affected
QtQt6.0.0 < 6.5.9affected
QtQt6.6.0 < 6.8.2affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References