Konsole: Code execution — GLSA 202506-13

An input sanitization flaw in Konsole might allow remote attackers to execute commands via a malicious URL

Affected packages

kde-apps/konsole on all architectures
Affected versions < 24.12.3-r1
Unaffected versions >= 24.12.3-r1

Background

Konsole is KDE's terminal emulator.

Description

Konsole supports loading URLs through scheme handlers such as telnet://URL. Such a URL can be executed regardless of whether the telnet binary is available; if it is not, Konsole would fall back to bash and execute arbitrary code.

Impact

Clicking a malicious URL in a browser may lead to arbitrary code execution. Please review the referenced CVE identifier for details.

Workaround

There is no known workaround at this time.

Resolution

All Konsole users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-apps/konsole-24.12.3-r1"
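
To confirm whether a given kde-apps/konsole version falls inside the affected range stated above, the following added example (not part of the GLSA or of Gentoo's tooling) compares a version string against 24.12.3-r1. It assumes plain dotted versions with an optional -rN revision and, for the installed-package lookup, that qlist from app-portage/portage-utils is present; the function names are illustrative.

```shell
#!/bin/sh
# Added example: is a kde-apps/konsole version in the affected range
# (< 24.12.3-r1) given in this advisory?
# Assumption: versions are dotted numbers with an optional -rN revision;
# _alpha/_p style suffixes are not handled.

FIXED_VERSION="24.12.3-r1"

# split_ver VERSION -> prints "BASE REV" (REV defaults to 0)
split_ver() {
    case "$1" in
        *-r[0-9]*) printf '%s %s\n' "${1%-r*}" "${1##*-r}" ;;
        *)         printf '%s 0\n' "$1" ;;
    esac
}

# ver_lt A B -> exit status 0 if A sorts strictly before B
ver_lt() {
    set -- $(split_ver "$1") $(split_ver "$2")
    a_base=$1 a_rev=$2 b_base=$3 b_rev=$4
    # Compare dotted components numerically; a missing component counts as 0
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a=${a_base%%.*}; b=${b_base%%.*}
        a=${a:-0}; b=${b:-0}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
        case "$a_base" in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case "$b_base" in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
    done
    # Base versions are equal: the ebuild revision decides
    [ "$a_rev" -lt "$b_rev" ]
}

konsole_is_affected() { ver_lt "$1" "$FIXED_VERSION"; }

# Report on the installed package when qlist is available (assumption).
if command -v qlist >/dev/null 2>&1; then
    for pkg in $(qlist -Iv kde-apps/konsole); do
        case "$pkg" in kde-apps/konsole-[0-9]*) ;; *) continue ;; esac
        v=${pkg#kde-apps/konsole-}
        if konsole_is_affected "$v"; then
            echo "konsole $v: affected, upgrade to >= $FIXED_VERSION"
        else
            echo "konsole $v: not affected"
        fi
    done
fi
```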
 

References

Release date
June 15, 2025

Latest revision
June 15, 2025: 1

Severity
high

Exploitable
remote

Bugzilla entries