CVE-2025-55014

Aug. 5, 2025, 2:34 p.m.

4.7
Medium

Description

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.

Product(s) Impacted

Vendor Product Versions
Youdao
  • Stardict
  • 3.0.7+

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-402
Transmission of Private Resources into a New Sphere ('Resource Leak')
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a youdao stardict 3.0.7+ / / / / / / /

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110370
https://lists.debian.org/debian-user/2025/08/msg00076.html
https://packages.debian.org/trixie/stardict
https://packages.debian.org/trixie/stardict-gtk
https://stardict-4.sourceforge.net/index_en.php
https://www.openwall.com/lists/oss-security/2025/08/04/1

Tags

cve@mitre.org
CWE-402
2025-08-04
CVE-2025-55014

CVSS Score

4.7 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

    View Vector String

Timeline

Published: Aug. 4, 2025, 8:15 p.m.
Last Modified: Aug. 5, 2025, 2:34 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.