POC details: d8ecfdb8cb80286365eddbf38adcf1b77b1013b6

Source
Related vulnerability
Title: goldendict security vulnerability (CVE-2025-53964)
Description: goldendict is an open-source, feature-rich dictionary lookup program from goldendict. goldendict versions 1.5.0 and 1.5.1 contain a security vulnerability caused by an exposed dangerous method, which may lead to file reading and modification.
Introduction
# CVE-2025-53964
## Risk assessment
CVSS v3: (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L) - 9.6/10
## Description
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds
a crafted dictionary and then searches for any term included in that dictionary.
## Additional Information
The product provides an interface for interaction with external actors, which includes a dangerous method in GoldenDict (ver. 1.5.0, 1.5.1) that is not properly restricted. This allows a remote attacker to read and modify files on the user's file system when a prepared malicious dictionary is added and used in the program.
## Vulnerability type
CWE-749: Exposed Dangerous Method or Function; CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
## Vendor of Product
GoldenDict Project
## Affected Product Code Base
GoldenDict - 1.5.0, 1.5.1
## Affected Component
GoldenDict executable, source code file xdxf.cc, source code file xdxf2html.cc, source code file stardict.cc.
## Attack Type
Remote
## Impact Code execution
true
## Impact Information Disclosure
true
## CVE Impact Other
Access to read and modify files on the user file system
## Attack Vectors
To exploit the vulnerability, a user must add a malicious dictionary to the program and search for any term included in that dictionary.
## Discoverer
Grebennikov Timofey, a specialist in the penetration testing group of the security control department of the development of the Astra Group.
## Reference
https://github.com/goldendict/goldendict/releases
## Details
GoldenDict is a graphical program for searching terms in Wikipedia and locally installed dictionaries. Various dictionary formats are supported, including the XDXF format with XML markup. Dictionaries are distributed on the Internet by other users.

The program uses a browser engine, which is included in the Qt Widgets components package, to render and display words from dictionaries.

Several security weaknesses were found together, and in combination they form a critical vulnerability:
1) Lack of sanitization of XML content;
2) Lack of prohibition on execution of JS code;
3) Disabled or weak CSP policy.

Together, these violations lead to the possibility of gaining access to user files by embedding malicious JS code in the XML markup of an XDXF dictionary downloaded from the Internet.
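As an added defensive example (not GoldenDict's own code), the following Python pass audits an XDXF dictionary for the kind of markup the three weaknesses above let through (script elements, event-handler attributes, active URL schemes, raw markup in text) and produces a sanitized copy. The tag and attribute allowlists are assumed partial subsets of the XDXF schema, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed partial allowlist of XDXF tags; the real schema has more.
ALLOWED_TAGS = {"xdxf", "full_name", "description", "ar", "k", "opt", "def", "ex",
                "co", "kref", "iref", "abr", "tr", "c", "i", "b", "sup", "sub", "tt", "nu"}
# Assumed per-tag attribute allowlist; everything else is dropped.
ALLOWED_ATTRS = {"xdxf": {"lang_from", "lang_to", "format", "revision"},
                 "c": {"c"}, "iref": {"href"}, "kref": {"idref"}}
ACTIVE_SCHEMES = ("javascript:", "data:", "vbscript:")

def audit_xdxf(xml_text: str) -> list[str]:
    """List markup a browser engine could execute. Malformed XML raises
    ParseError: reject it rather than fall back to a lenient HTML parser."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag not in ALLOWED_TAGS:
            findings.append(f"disallowed element <{el.tag}>")
        for name, value in el.attrib.items():
            if name.lower().startswith("on"):
                findings.append(f"event-handler attribute {name} on <{el.tag}>")
            elif value.strip().lower().startswith(ACTIVE_SCHEMES):
                findings.append(f"active URL scheme in {name} on <{el.tag}>")
        # Entity-encoded markup in text becomes live HTML if the converter
        # copies text into the page without re-escaping it.
        if any(chunk and "<" in chunk for chunk in (el.text, el.tail)):
            findings.append(f"raw '<' in text around <{el.tag}>")
    return findings

def sanitize_xdxf(xml_text: str) -> str:
    """Drop disallowed subtrees and attributes, keeping the surrounding text."""
    def clean(el):
        for name in [n for n, v in el.attrib.items()
                     if n not in ALLOWED_ATTRS.get(el.tag, ())
                     or v.strip().lower().startswith(ACTIVE_SCHEMES)]:
            del el.attrib[name]
        prev = None
        for child in list(el):
            if child.tag in ALLOWED_TAGS:
                clean(child)
                prev = child
                continue
            tail = child.tail or ""  # text after the removed node stays in place
            if prev is None:
                el.text = (el.text or "") + tail
            else:
                prev.tail = (prev.tail or "") + tail
            el.remove(child)
    root = ET.fromstring(xml_text)
    clean(root)
    return ET.tostring(root, encoding="unicode")  # serializer re-escapes '<' in text
```

Run `audit_xdxf` on every dictionary at import time and refuse or sanitize anything with findings; the sanitizer alone does not replace disabling JavaScript and setting a strict CSP in the rendering engine.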
## Proof-of-Concept
PoC will be added to this page within 90 days of the vulnerability being published, or sooner if an official patch is published by the vendor.
File snapshot

[4.0K] /data/pocs/d8ecfdb8cb80286365eddbf38adcf1b77b1013b6 └── [2.5K] README.md 0 directories, 1 file