CVE-2025-12385
HIGH
Qt <6.5.10, <6.8.5, <6.9.0 - Improper Validation of Specified Quant...
Title source: llm
Description
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.
References (2)
Core References
Various Sources
https://codereview.qt-project.org/c/qt/qtdeclarative/+/687239
Various Sources
https://codereview.qt-project.org/c/qt/qtdeclarative/+/687766
Scores
CVSS v4
8.7
EPSS
0.0026
EPSS Percentile
17.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1284
CWE-770
Status
published
Products (3)
The Qt Company/Qt
5.0.0 - 6.5.10
The Qt Company/Qt
6.6.0 - 6.8.5
The Qt Company/Qt
6.9.0 - 6.10.0
Published
Dec 03, 2025
Tracked Since
Feb 18, 2026