CVE-2025-55174
📋 TL;DR
A file handling vulnerability in KDE Skanpage allows partial file content disclosure when overwriting files. The application opens the target with QIODevice::ReadWrite instead of QIODevice::WriteOnly. ReadWrite does not truncate an existing file, so when the new content is shorter than the old, the trailing bytes of the old file remain in the saved file. Users of Skanpage versions before 25.08.0 are affected.
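The overwrite behaviour described above, as an added example that is not Skanpage or KDE code. It assumes POSIX `open()` flags as a stand-in for the two Qt modes (ReadWrite modelled as `O_RDWR | O_CREAT` with no truncation, WriteOnly as `O_WRONLY | O_CREAT | O_TRUNC`); the function names and file contents are constructed for illustration.

```cpp
// Added example, not Skanpage code. POSIX open(2) flags stand in for the Qt modes:
// a QFile opened ReadWrite keeps existing bytes; WriteOnly implies Truncate.
#include <fcntl.h>
#include <unistd.h>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Write all of `data` to an open descriptor, then close it. True on success.
static bool write_all_and_close(int fd, const std::string& data) {
    ssize_t n = write(fd, data.data(), data.size());
    close(fd);
    return n == static_cast<ssize_t>(data.size());
}

// Create a scratch file holding `old_content`, save `new_content` over it using
// `flags`, and return what is on disk afterwards. Empty string means an I/O error.
static std::string overwrite(int flags, const std::string& old_content,
                             const std::string& new_content) {
    char path[] = "/tmp/overwrite-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return {};
    std::string on_disk;
    bool ok = write_all_and_close(fd, old_content);
    fd = ok ? open(path, flags, 0600) : -1;
    if (fd >= 0 && write_all_and_close(fd, new_content)) {
        std::ifstream in(path, std::ios::binary);
        on_disk.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
    }
    unlink(path);  // always remove the scratch file
    return on_disk;
}

// Pre-fix pattern: read/write open, existing bytes past the new data survive.
std::string save_without_truncate(const std::string& old_c, const std::string& new_c) {
    return overwrite(O_RDWR | O_CREAT, old_c, new_c);
}

// Fixed pattern: write-only open that truncates the file before writing.
std::string save_with_truncate(const std::string& old_c, const std::string& new_c) {
    return overwrite(O_WRONLY | O_CREAT | O_TRUNC, old_c, new_c);
}

int main() {
    const std::string old_scan = "OLD SCAN: invoice 4711 (constructed sample)";
    const std::string new_scan = "NEW SCAN";
    std::cout << "no truncate: " << save_without_truncate(old_scan, new_scan) << "\n"
              << "truncate:    " << save_with_truncate(old_scan, new_scan) << "\n";
}
```

The leak only appears when the new content is shorter than the old; a longer save overwrites every old byte in either mode.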
💻 Affected Systems
- KDE Skanpage
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sensitive data from previously deleted files could be exposed in newly created files, potentially revealing confidential information like scanned documents or system data.
Likely Case
Partial file content leakage when overwriting files, potentially exposing fragments of previously scanned documents or temporary files.
If Mitigated
No data exposure if proper file permissions prevent unauthorized access or if sensitive data is properly sanitized before file operations.
🎯 Exploit Status
Exploitation requires local access and knowledge of file operations. No known active exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 25.08.0
Vendor Advisory: https://kde.org/info/security/advisory-20250811-1.txt
Restart Required: No
Instructions:
1. Update Skanpage to version 25.08.0 or later using your distribution's package manager.
2. For source installations: download from https://github.com/KDE/skanpage/tags and compile version 25.08.0+.
3. Verify the fix by checking the version.
🔧 Temporary Workarounds
Avoid file overwrite operations
all: Use unique filenames instead of overwriting existing files when saving scans
Manual file cleanup
linux: Manually delete old files before creating new ones with the same name
rm oldfile.txt
touch newfile.txt
🧯 If You Can't Patch
- Restrict Skanpage usage to non-sensitive scanning operations
- Implement file system monitoring for unusual file access patterns
🔍 How to Verify
Check if Vulnerable:
Check Skanpage version: if below 25.08.0, system is vulnerable
Check Version:
skanpage --version 2>/dev/null || dpkg -l | grep skanpage || rpm -qa | grep skanpage
Verify Fix Applied:
Verify Skanpage version is 25.08.0 or higher and test file overwrite operations
📡 Detection & Monitoring
Log Indicators:
- Multiple file open/close operations on same path
- File size anomalies after overwrite
Network Indicators:
- None - local file system vulnerability
SIEM Query:
process.name='skanpage' AND file.path='*' AND file.action='overwrite'