CVE-2025-55014
📋 TL;DR
The YouDao plugin in StarDict sends X11 clipboard selections to remote servers via unencrypted HTTP, exposing potentially sensitive copied text to network eavesdroppers. This affects users of StarDict with the YouDao plugin enabled on Debian trixie and other distributions. The vulnerability allows passive interception of clipboard contents sent to dict.youdao.com and dict.cn servers.
💻 Affected Systems
- StarDict
- StarDict-GTK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers on the same network could intercept sensitive clipboard contents (passwords, credentials, private data) when users copy text that gets sent to the dictionary servers.
Likely Case
Passive network monitoring could capture dictionary lookup queries containing copied text, potentially revealing search terms or other non-critical information.
If Mitigated
With proper network segmentation and HTTPS enforcement, the risk is limited to local network threats only.
🎯 Exploit Status
Exploitation requires network access to intercept HTTP traffic. No authentication bypass needed as the traffic is cleartext.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Debian security updates for fixed version
Vendor Advisory: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370
Restart Required: No
Instructions:
1. Update StarDict via the package manager: sudo apt update && sudo apt upgrade stardict
2. Alternatively, disable the YouDao plugin in StarDict preferences
🔧 Temporary Workarounds
Disable YouDao Plugin
(All platforms) Prevent the vulnerable plugin from sending data by disabling it in the StarDict configuration
Open StarDict → Preferences → Dictionary → Uncheck YouDao dictionary
Network Traffic Blocking
(Linux) Block HTTP traffic to dict.youdao.com and dict.cn at the firewall level
sudo iptables -A OUTPUT -p tcp -d dict.youdao.com --dport 80 -j DROP
sudo iptables -A OUTPUT -p tcp -d dict.cn --dport 80 -j DROP
Note that iptables resolves a hostname given to -d only once, when the rule is inserted, so the rules cover only the addresses returned at that moment; re-insert them if the hosts' addresses change. They also block only port 80, which is the cleartext port the plugin uses.
🧯 If You Can't Patch
- Disable the YouDao plugin in StarDict preferences immediately
- Use network segmentation to isolate systems running StarDict from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check whether the YouDao plugin is enabled in StarDict preferences, and list the installed package version: dpkg -l | grep stardict
Check Version:
dpkg -l | grep stardict
Verify Fix Applied:
Verify updated package version and confirm YouDao plugin is disabled or patched
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to dict.youdao.com or dict.cn from StarDict process
Network Indicators:
- Cleartext HTTP traffic to dict.youdao.com:80 or dict.cn:80 containing X11 selection data
SIEM Query:
source_ip=* AND dest_ip IN (dict.youdao.com, dict.cn) AND dest_port=80 AND process_name="stardict"
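The log and network indicators above can be turned into a small detection routine. The following is an added example, not code from the advisory or from the StarDict project: it scans key=value connection records (a constructed layout; the sample lines, request paths and addresses are invented for this example) and flags cleartext HTTP requests on port 80 to dict.youdao.com or dict.cn, optionally restricted to the stardict process as in the SIEM query. The query string is redacted before the hit is reported, so the alert itself does not copy the clipboard contents into the SIEM.

```python
"""Flag cleartext HTTP dictionary lookups to the hosts named in the advisory."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hosts and port from the advisory: the YouDao plugin queries them over plain HTTP.
WATCHED_HOSTS = {"dict.youdao.com", "dict.cn"}
CLEARTEXT_PORT = 80


@dataclass
class Hit:
    ts: str
    src: str
    host: str
    path: str      # query value redacted so the alert does not re-expose the clipboard text
    process: str


# Constructed sample records (not real StarDict or YouDao traffic). The key=value
# layout and the request paths are invented for this example; a real deployment
# would feed proxy, Zeek http.log or endpoint network records into parse_record().
SAMPLE_LOG = """\
# constructed records: ts src dst dport host method path process
ts=2025-08-04T10:00:01Z src=10.0.0.12 dst=203.0.113.10 dport=80 host=dict.youdao.com method=GET path=/search?q=password123 process=stardict
ts=2025-08-04T10:00:02Z src=10.0.0.12 dst=203.0.113.11 dport=443 host=dict.youdao.com method=GET path=/ process=firefox
ts=2025-08-04T10:00:03Z src=10.0.0.15 dst=198.51.100.7 dport=80 host=dict.cn method=GET path=/lookup?q=hello&lang=en process=stardict
ts=2025-08-04T10:00:04Z src=10.0.0.15 dst=198.51.100.9 dport=80 host=example.org method=GET path=/ process=curl
"""

_KV = re.compile(r"(\w+)=(\S+)")
_QUERY_VALUE = re.compile(r"([?&]q=)[^&]*")


def parse_record(line: str) -> dict:
    """Split one key=value record into a dict; comment or blank lines give {}."""
    if line.startswith("#"):
        return {}
    return dict(_KV.findall(line))


def redact_query(path: str) -> str:
    """Replace the value of every q= parameter so copied text never lands in an alert."""
    return _QUERY_VALUE.sub(r"\1<redacted>", path)


def find_cleartext_lookups(log_text: str, require_process: Optional[str] = None) -> List[Hit]:
    """Return a Hit for every port-80 request to a watched host.

    require_process narrows the match to one process name (the SIEM query on the
    page uses "stardict"); leaving it None also catches other clients that send
    lookups in cleartext.
    """
    hits: List[Hit] = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec:
            continue
        if rec.get("host") not in WATCHED_HOSTS:
            continue
        if rec.get("dport") != str(CLEARTEXT_PORT):
            continue  # HTTPS or other ports are not the cleartext path this CVE describes
        if require_process and rec.get("process") != require_process:
            continue
        hits.append(Hit(
            ts=rec.get("ts", ""),
            src=rec.get("src", ""),
            host=rec["host"],
            path=redact_query(rec.get("path", "")),
            process=rec.get("process", ""),
        ))
    return hits


if __name__ == "__main__":
    for h in find_cleartext_lookups(SAMPLE_LOG, require_process="stardict"):
        print(f"{h.ts} {h.src} {h.process} -> http://{h.host}{h.path}")
```

Matching on the Host header and destination port rather than on resolved IP addresses keeps the rule valid when the dictionary services move between addresses, and the redaction step is what makes the alert safe to forward to a shared console.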
🔗 References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370
- https://lists.debian.org/debian-user/2025/08/msg00076.html
- https://packages.debian.org/trixie/stardict
- https://packages.debian.org/trixie/stardict-gtk
- https://stardict-4.sourceforge.net/index_en.php
- https://www.openwall.com/lists/oss-security/2025/08/04/1
- http://www.openwall.com/lists/oss-security/2025/08/08/2
- https://lwn.net/SubscriberLink/1032732/3334850da49689e1/
- https://news.ycombinator.com/item?id=44872313