VDB
GCVE-110-MAGEIA-2025-308
GCVE-110-MAGEIA-2025-308
Advisory Published
KDE Konsole before 25.04.2 allows remote code execution in a certain
scenario. It supports loading URLs from the scheme handlers such as a
ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of
whether the ssh, telnet, or rlogin binary is available. In this mode,
there is a code path where if that binary is not available, Konsole
falls back to using /bin/bash for the given arguments (i.e., the URL)
provided. This allows an attacker to execute arbitrary code.
(CVE-2025-49091)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | konsole | 0 (affected), 23.04.3-1.2.mga9 (unaffected) | — |
Aliases
Browse GCVE Records
72,921 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.