CVE-2025-49091

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-49091
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-49091.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-49091
Downstream
Published
2025-06-11T01:15:20Z
Modified
2025-07-01T16:32:58.757469Z
Summary
[none]
Details

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.

References

Affected packages

Debian:11 / konsole

Package

Name
konsole
Purl
pkg:deb/debian/konsole?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:20.12.3-1+deb11u1

Affected versions

4:20.*

4:20.12.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / konsole

Package

Name
konsole
Purl
pkg:deb/debian/konsole?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:22.12.3-1+deb12u1

Affected versions

4:22.*

4:22.12.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / konsole

Package

Name
konsole
Purl
pkg:deb/debian/konsole?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:25.04.0-2

Affected versions

4:22.*

4:22.12.3-1

4:23.*

4:23.08.1-1

4:24.*

4:24.05.2-1
4:24.08.0-1
4:24.08.0-2
4:24.12.0-1

4:25.*

4:25.03.90-1
4:25.04.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}