CVE-2025-12385

🗓️ 03 Dec 2025 19:38:53Reported by TQtCType

CVE-2025-12385: Qt Quick Text image tag width and height not validated, risking unresponsiveness.

Reporter	Title	Published	Views	Family All 38
Tenable Nessus	Amazon Linux 2 : qt5-qtdeclarative, --advisory ALAS2-2025-3101 (ALAS-2025-3101)	5 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : qt5-qtbase, --advisory ALAS2-2025-3102 (ALAS-2025-3102)	5 Jan 202600:00	–	nessus
Tenable Nessus	Fedora 42 : qt6-qtdeclarative (2025-62d125612b)	16 Dec 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-12385	5 Dec 202500:00	–	nessus
Amazon	Important: qt5-qtdeclarative	5 Jan 202600:00	–	amazon
Amazon	Important: qt5-qtbase	5 Jan 202600:00	–	amazon
AstraLinux	Astra Linux - уязвимость в qtdeclarative-opensource-src	20 May 202605:53	–	astralinux
CBLMariner	CVE-2025-12385 affecting package qtdeclarative for versions less than 6.6.1-2	18 Dec 202523:40	–	cbl_mariner
CBLMariner	CVE-2025-12385 affecting package qt5-qtdeclarative for versions less than 5.12.5-6	18 Mar 202615:31	–	cbl_mariner
Circl	CVE-2025-12385	3 Dec 202521:14	–	circl

CNA

Node

the_qt_company qtRange5.0.0–6.5.10windows

the_qt_company qtRange5.0.0–6.5.10macos

the_qt_company qtRange5.0.0–6.5.10linux

the_qt_company qtRange5.0.0–6.5.10ios

the_qt_company qtRange5.0.0–6.5.10android

the_qt_company qtRange5.0.0–6.5.10x86

the_qt_company qtRange5.0.0–6.5.10arm

the_qt_company qtRange5.0.0–6.5.1064_bit

the_qt_company qtRange5.0.0–6.5.1032_bit

the_qt_company qtRange6.6.0–6.8.5windows

the_qt_company qtRange6.6.0–6.8.5macos

the_qt_company qtRange6.6.0–6.8.5linux

the_qt_company qtRange6.6.0–6.8.5ios

the_qt_company qtRange6.6.0–6.8.5android

the_qt_company qtRange6.6.0–6.8.5x86

the_qt_company qtRange6.6.0–6.8.5arm

the_qt_company qtRange6.6.0–6.8.564_bit

the_qt_company qtRange6.6.0–6.8.532_bit

the_qt_company qtRange6.9.0–6.10.0windows

the_qt_company qtRange6.9.0–6.10.0macos

the_qt_company qtRange6.9.0–6.10.0linux

the_qt_company qtRange6.9.0–6.10.0ios

the_qt_company qtRange6.9.0–6.10.0android

the_qt_company qtRange6.9.0–6.10.0x86

the_qt_company qtRange6.9.0–6.10.0arm

the_qt_company qtRange6.9.0–6.10.064_bit

the_qt_company qtRange6.9.0–6.10.032_bit

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "iOS",
      "Android",
      "x86",
      "ARM",
      "64 bit",
      "32 bit"
    ],
    "product": "Qt",
    "vendor": "The Qt Company",
    "versions": [
      {
        "lessThanOrEqual": "6.5.10",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "python"
      },
      {
        "lessThanOrEqual": "6.8.5",
        "status": "affected",
        "version": "6.6.0",
        "versionType": "python"
      },
      {
        "lessThanOrEqual": "6.10.0",
        "status": "affected",
        "version": "6.9.0",
        "versionType": "python"
      }
    ]
  }
]

Source	Link
codereview	www.codereview.qt-project.org/c/qt/qtdeclarative/+/687766
codereview	www.codereview.qt-project.org/c/qt/qtdeclarative/+/687239

15 Apr 2026 00:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 48.7

EPSS0.0012

SSVC

Qt Quick Text component image tag width validation height validation excessive allocation unresponsive app Qt versions