{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5991", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "state": "PUBLISHED", "assignerShortName": "TQtC", "dateReserved": "2025-06-11T06:08:23.434Z", "datePublished": "2025-06-11T07:33:41.071Z", "dateUpdated": "2025-06-11T13:18:09.662Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Qt", "vendor": "The Qt Company", "versions": [{"lessThan": "6.9.0", "status": "unaffected", "version": "0", "versionType": "python"}, {"status": "affected", "version": "6.9.0"}, {"status": "unaffected", "version": "6.9.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\n<p>This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.</p>"}], "value": "There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 2.1, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-06-11T07:33:41.071Z"}, "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/643777"}], "source": {"discovery": "INTERNAL"}, "title": "Use after free in QHttp2ProtocolHandler", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-11T13:17:41.670069Z", "id": "CVE-2025-5991", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:18:09.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5991", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-11T13:17:41.670069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-11T13:18:05.881Z"}}], "cna": {"title": "Use after free in QHttp2ProtocolHandler", "source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Qt Company", "product": "Qt", "versions": [{"status": "unaffected", "version": "0", "lessThan": "6.9.0", "versionType": "python"}, {"status": "affected", "version": "6.9.0"}, {"status": "unaffected", "version": "6.9.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://codereview.qt-project.org/c/qt/qtbase/+/643777"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.", "supportingMedia": [{"type": "text/html", "value": "There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\n<p>This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2025-06-11T07:33:41.071Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5991", "state": "PUBLISHED", "dateUpdated": "2025-06-11T13:18:09.662Z", "dateReserved": "2025-06-11T06:08:23.434Z", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "datePublished": "2025-06-11T07:33:41.071Z", "assignerShortName": "TQtC"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\n POST request and the simultaneous handling of HTTP error responses.\n\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1."}, {"lang": "es", "value": "Existe una vulnerabilidad de \"Use After Free\" en el QHttp2ProtocolHandler de Qt, dentro del m\u00f3dulo QtNetwork. Esta vulnerabilidad solo afecta al controlador de HTTP/2; el controlador de HTTP no se ve afectado en absoluto. Esto ocurre debido a una condici\u00f3n de ejecuci\u00f3n entre la forma en que QHttp2Stream carga el cuerpo de una solicitud POST y el controlador simult\u00e1neo de respuestas de error HTTP. Este problema solo afecta a Qt 6.9.0 y se ha corregido para Qt 6.9.1."}], "id": "CVE-2025-5991", "lastModified": "2025-06-12T16:06:20.180", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}, "published": "2025-06-11T08:15:22.933", "references": [{"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/643777"}], "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}

{"bugzilla": {"description": "qt: Use after free in Qt", "id": "2371671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371671"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-416", "details": ["There is a \"Use After Free\" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a\nPOST request and the simultaneous handling of HTTP error responses.\nThis issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.", "A use-after-free vulnerability has been discovered in Qt's QHttp2ProtocolHandler function. This vulnerability only affects HTTP/2 handling and is the result of a race condition between HTTP body and error response handling."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-5991", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "qt6", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "qt5", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qt5", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-11T07:33:41Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-5991\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5991\nhttps://codereview.qt-project.org/c/qt/qtbase/+/643777"], "statement": "The specific versions of Qt affected are not shipped in RedHat products.", "threat_severity": "Moderate"}