CVE-2025-10728 — Vulnetix

CVE-2025-10728 PUBLISHED CVSS 9.399999618530273 CRITICAL

When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS

EPSS 0.01% · 1.0th percentile

Risk Scores

CVSS 4.0

9.399999618530273

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red

EPSS Score

0.01%

1.0th percentile

Affected Products

Vendor	Product	Versions
The Qt Company	Qt	6.7.0, 6.9.0

Exploit Intelligence

CIRCL seen: CVE-2025-10728 (circl-sighting)
CIRCL seen: CVE-2025-10728 (circl-sighting)
CIRCL seen: CVE-2025-10728 (circl-sighting)
https://codereview.qt-project.org/c/qt/qtsvg/+/654200 (circl)

Timeline

Sep 19, 2025 CVE ID Reserved
Oct 3, 2025 Coalition ESS Score
Oct 3, 2025 CVE Published
Oct 4, 2025 EPSS Score
Oct 4, 2025 PoC Published
Oct 6, 2025 Coalition ESS Score
Oct 6, 2025 CVE Updated
Oct 7, 2025 PoC Published
Oct 8, 2025 PoC Published
Oct 10, 2025 EPSS Score
Oct 17, 2025 EPSS Score
Oct 23, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›