CVE-2025-55014

Summary

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.

Affected Software

VendorProductVersion RangeStatus
StarDictStarDict0 <= 3.0.7+git20220909+dfsg-6affected

Weaknesses

  • CWE-402: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References