CVE-2025-12385

HIGH

Qt <6.5.10, <6.8.5, <6.9.0 - Improper Validation of Specified Quant...

Title source: llm

Description

Allocation of Resources Without Limits or Throttling and Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, macOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Scores

CVSS v4 8.7
EPSS 0.0014
EPSS Percentile 33.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1284 CWE-770
Status published
Products (3)
The Qt Company/Qt 5.0.0 - 6.5.10
The Qt Company/Qt 6.6.0 - 6.8.5
The Qt Company/Qt 6.9.0 - 6.10.0
Published Dec 03, 2025
Tracked Since Feb 18, 2026