CVE-2025-23050 Overview
CVE-2025-23050 is an out-of-bounds read vulnerability in the QLowEnergyController component of the Qt framework. The vulnerability occurs when processing malformed Bluetooth ATT (Attribute Protocol) commands, which can lead to an out-of-bounds read or division by zero condition. This affects Qt versions prior to 6.8.2, with patches available in versions 5.15.19, 6.5.9, and 6.8.2.
Critical Impact
An attacker within Bluetooth range could exploit this vulnerability to cause a denial of service condition in applications utilizing Qt's Bluetooth Low Energy functionality on Linux systems.
Affected Products
- Qt Framework versions before 5.15.19
- Qt Framework versions 6.x before 6.5.9
- Qt Framework versions 6.6.x and 6.7.x before 6.8.2
Discovery Timeline
- 2025-10-31 - CVE-2025-23050 published to NVD
- 2025-11-04 - Last updated in NVD database
Technical Details for CVE-2025-23050
Vulnerability Analysis
This vulnerability is classified as CWE-125 (Out-of-bounds Read). The QLowEnergyController class in Qt is responsible for managing Bluetooth Low Energy connections and communication. When processing incoming Bluetooth ATT commands, the component fails to properly validate the length and format of received data before accessing memory buffers.
The vulnerability requires an attacker to be within adjacent network range (Bluetooth proximity) and involves high attack complexity. While no authentication or user interaction is required, successful exploitation is limited to causing availability impact through a denial of service condition. The vulnerability does not allow for data exfiltration or integrity violations.
Root Cause
The root cause stems from improper input validation in the QLowEnergyController implementation on Linux systems. When malformed Bluetooth ATT commands are received, the code either attempts to read beyond allocated buffer boundaries (out-of-bounds read) or performs arithmetic operations that can result in division by zero. This occurs because the component does not adequately verify that incoming ATT command payloads conform to expected size constraints before processing.
Attack Vector
The attack vector is via adjacent network (Bluetooth Low Energy proximity). An attacker would need to be within Bluetooth range of the target device running a Qt application that utilizes QLowEnergyController. The attacker would craft and transmit malformed Bluetooth ATT commands designed to trigger the out-of-bounds read or division by zero condition.
The vulnerability mechanism involves sending specially crafted ATT protocol messages that violate expected format constraints. When the vulnerable Qt application receives these malformed messages, the QLowEnergyController component processes them without adequate bounds checking, resulting in memory access violations or arithmetic exceptions that can crash the application.
Detection Methods for CVE-2025-23050
Indicators of Compromise
- Application crashes or unexpected terminations in Qt-based applications utilizing Bluetooth Low Energy functionality
- Segmentation fault signals (SIGSEGV) or floating point exceptions (SIGFPE) in processes using QLowEnergyController
- Abnormal Bluetooth connection attempts or unusual ATT protocol traffic patterns
Detection Strategies
- Monitor system logs for Qt application crashes with stack traces referencing QLowEnergyController or Bluetooth-related functions
- Implement application-level crash reporting to capture segmentation faults in Qt Bluetooth components
- Deploy network monitoring for anomalous Bluetooth Low Energy traffic patterns in proximity to critical systems
Monitoring Recommendations
- Enable crash dump collection for Qt applications utilizing Bluetooth functionality to identify exploitation attempts
- Monitor Bluetooth adapter logs for malformed or unexpected ATT command sequences
- Implement runtime application self-protection (RASP) monitoring for Qt-based applications handling Bluetooth communications
How to Mitigate CVE-2025-23050
Immediate Actions Required
- Upgrade Qt Framework to patched versions: 5.15.19, 6.5.9, or 6.8.2 or later
- Audit applications using QLowEnergyController to identify systems requiring updates
- Consider temporarily disabling Bluetooth Low Energy functionality in affected applications if immediate patching is not possible
- Restrict physical access to environments where vulnerable Qt applications process Bluetooth connections
Patch Information
Qt has released security patches addressing this vulnerability. The fix is included in Qt versions 5.15.19, 6.5.9, and 6.8.2. Organizations should update to these versions or later to remediate the vulnerability. For detailed technical information about the fix, refer to the Qt Project Code Review and the Qt Blog Security Advisory.
Workarounds
- Disable Bluetooth Low Energy functionality in Qt applications if the feature is not essential for business operations
- Implement network segmentation to limit Bluetooth access to trusted zones
- Deploy application sandboxing to contain the impact of potential crashes caused by exploitation attempts
# Example: Check installed Qt version
qmake --version
# Example: Update Qt using package manager (Debian/Ubuntu)
sudo apt update && sudo apt install qt6-base-dev
# Example: Verify QLowEnergyController is not in use (check linked libraries)
ldd /path/to/your/application | grep -i bluetooth
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
