Security advisory for konsole < 25.04.2
David Edmundson
davidedmundson at kde.org
Mon Jun 9 15:28:02 BST 2025
A new security advisory for Konsole has been announced.
KDE Project Security Advisory
=============================
Title: Konsole: Incorrect telnet scheme handling
Risk rating: Critical
CVE: CVE-2025-49091
Versions: Konsole < 25.04.2
Date: 09 June 2025
Overview
========
Konsole supports loading URLs from the scheme handlers such as
telnet://URL. This can be executed regardless of whether the telnet
binary is available.
In this mode konsole had a path where if telnet was not available it
would fall back to using bash for the given arguments provided; which
is the URL provided. This allows an attacker to execute arbitrary
code.
Browsers typically provide a prompt when a user opens an external
scheme handler which would look suspicious, requiring user interaction
to be exploitable.
Impact
======
An attacker could trick a user into executing arbitrary code with a
malicious link and social engineering to make them accept it.
Workaround
==========
Install the telnet client, or delete the file:
/usr/share/applications/ktelnetservice6.desktop
Solution
========
Upgrade to konsole 25.04.2
Or apply the following patch:
http://commits.kde.org/konsole/39ffddb77763a32bc3f039514265506c6be73d48
Credits
=======
Thanks to Dennis Dast (proofnet GmbH) for reporting this issue.
Thanks to Kurt Hindenburg for fixing the issue.
More information about the kde-announce
mailing list