CVE-2025-55174

#!/usr/bin/env python3 """ CVE-2025-55174 PoC - KDE Skanpage File Overwrite Vulnerability This PoC demonstrates the file content corruption issue when saving files. """ import os import sys from PyQt5.QtCore import QFile, QIODevice def demonstrate_vulnerability(): """ Demonstrates the vulnerable file writing behavior. Original file content is preserved when it should be replaced. """ # Create a test file with original content original_content = "Original file content that should be completely replaced." test_file = "test_document.txt" with open(test_file, 'w') as f: f.write(original_content) # Simulate vulnerable behavior (QIODevice::ReadWrite) # This is what KDE Skanpage was doing incorrectly file = QFile(test_file) if file.open(QIODevice.ReadWrite): # VULNERABLE: Should be WriteOnly new_content = "New content." file.write(new_content.encode()) # File is now: "New content.tent that should be completely replaced." # Old content is partially preserved! file.close() # Read and display the corrupted content with open(test_file, 'r') as f: corrupted_content = f.read() print(f"Original content: {original_content}") print(f"New content: {new_content}") print(f"Actual file content: {corrupted_content}") print(f"\nVulnerability confirmed: Old content leaked after new content!") # Cleanup os.remove(test_file) def demonstrate_fix(): """ Demonstrates the correct fix using WriteOnly mode. """ test_file = "test_document_fixed.txt" original_content = "Original content that will be replaced." with open(test_file, 'w') as f: f.write(original_content) # Correct behavior (QODevice::WriteOnly) file = QFile(test_file) if file.open(QIODevice.WriteOnly): # FIXED: WriteOnly mode new_content = "New content." file.write(new_content.encode()) file.close() with open(test_file, 'r') as f: correct_content = f.read() print(f"Correct file content: {correct_content}") print(f"Content matches expected: {correct_content == new_content}") os.remove(test_file) if __name__ == "__main__": print("=" * 60) print("CVE-2025-55174 - KDE Skanpage File Overwrite Vulnerability PoC") print("=" * 60) demonstrate_vulnerability() print("\n" + "-" * 60 + "\n") demonstrate_fix()

{"cve": {"id": "CVE-2025-55174", "sourceIdentifier": "[email protected]", "published": "2025-11-26T06:15:44.893", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 3.2, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.4, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-684"}]}], "references": [{"url": "https://github.com/KDE/skanpage/tags", "source": "[email protected]"}, {"url": "https://invent.kde.org/utilities/skanpage/-/commit/de3ad2941054a26920e022dc7c4a3dc16c065b5a", "source": "[email protected]"}, {"url": "https://kde.org/info/security/advisory-20250811-1.txt", "source": "[email protected]"}]}}