GoldenDict File Read and Modification Vulnerability
Vulnerability Information
Vulnerability name: GoldenDict file read and modification vulnerability
Vulnerability ID:
- CVE: CVE-2025-53964
Vulnerability type: File read
Severity: High
Description: GoldenDict is a graphical program for searching terms in Wikipedia and in locally installed dictionaries. It supports several dictionary formats, including the XDXF format with XML markup. Dictionaries are distributed on the Internet by other users. The program renders and displays words from dictionaries with the browser engine included in the Qt Widgets component package. In GoldenDict 1.5.0 and 1.5.1, an exposed dangerous method was found that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.
The technical root cause is that the product provides an interface for interaction with external actors, which includes a dangerous method in GoldenDict that is not properly restricted. This lets a remote attacker read and modify files on the user's file system once a prepared malicious dictionary has been added to the program and used.
The security risk of this vulnerability is very high, because it lets an attacker gain access to user files through malicious JS code embedded in the XML markup of an XDXF dictionary downloaded from the Internet. An attacker can use it for remote code execution and data exfiltration, and it can be exploited automatically without user authentication. Because GoldenDict is widely used, the vulnerability has a broad impact and may lead to serious security problems.
Vendor: GoldenDict Project
Product: GoldenDict
Affected versions: 1.5.0, 1.5.1
Source: https://github.com/tigr78/CVE-2025-53964
Type: CVE-2025:github search
Repository files
- README.md
Source overview
CVE-2025-53964
Suggested description
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary.
[Additional Information]
The product provides an interface for interaction with external actors, which includes a dangerous method in GoldenDict (ver. 1.5.0, 1.5.1) that is not properly restricted. This allows a remote attacker to get access to read and modify files on the user's file system when a prepared malicious dictionary is added and used in the program.
[VulnerabilityType Other]
CWE-749: Exposed Dangerous Method or Function; CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
[Vendor of Product]
GoldenDict Project
[Affected Product Code Base]
GoldenDict - 1.5.0, 1.5.1
[Affected Component]
GoldenDict executable, source code file xdxf.cc, source code file xdxf2html.cc, source code file stardict.cc.
[Attack Type]
Remote
[Impact Code execution]
true
[Impact Information Disclosure]
true
[CVE Impact Other]
Access to read and modify files on the user file system
[Attack Vectors]
To exploit the vulnerability, a user must add a malicious dictionary to the program and search for any term included in that dictionary.
[Discoverer]
Grebennikov Timofey, a specialist in the penetration testing group of the security control department of the development of the Astra Group
[Reference]
https://github.com/goldendict/goldendict/releases
CVSS v3: (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L) - 9.6/10
Details
GoldenDict is a graphical program for searching terms in Wikipedia and locally installed dictionaries. Various dictionary formats are supported, including the XDXF format with XML markup. Dictionaries are distributed on the Internet by other users.
The program uses a browser engine, which is included in the Qt Widgets components package, to render and display words from dictionaries.
Several security weaknesses were found at once; together they make a critical vulnerability possible:
- Lack of sanitization of XML content;
- Lack of prohibition on execution of JS code;
- Disabled or weak CSP policy.
Together, these violations lead to the possibility of gaining access to user files by embedding malicious JS code in the XML markup of an XDXF dictionary downloaded from the Internet.
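The three weaknesses above only matter because active content in a downloaded dictionary reaches the rendering engine unfiltered. A practical defensive check, independent of any fix in GoldenDict itself, is to scan a dictionary for active markup before adding it. The script below is an added example written for this page, not code from the GoldenDict project or from the advisory author; the XDXF fragment it scans is constructed here, and the list of patterns is a heuristic assumption about what a rendering engine would execute (script elements, inline event handlers, javascript: and file: URLs, embedded frames), not a description of the actual payload behind CVE-2025-53964. It inspects both the raw text and its entity-decoded form, because a converter such as xdxf2html that emits decoded text straight into HTML would turn `&lt;script&gt;` into live markup.

```python
import html
import re
from typing import List, Tuple

# Constructed sample XDXF fragment (assumption: not taken from the advisory or any
# real dictionary). One benign article and one carrying active content.
SAMPLE_XDXF = """<?xml version="1.0" encoding="UTF-8"?>
<xdxf lang_from="ENG" lang_to="ENG" format="visual">
<full_name>constructed sample</full_name>
<ar><k>benign</k><def>A harmless entry with <b>bold</b> text.</def></ar>
<ar><k>suspicious</k><def>Entry with <script>/* active content */</script>
and <a href="javascript:void(0)">link</a> and <img src="x" onerror="x()"/></def></ar>
</xdxf>
"""

# Heuristic, case-insensitive patterns for markup a browser engine would execute
# or that would reach local resources. Applied to raw text rather than a parsed
# DOM so that malformed or entity-heavy files are inspected instead of skipped.
PATTERNS = [
    ("script element", re.compile(r"<\s*script\b", re.I)),
    ("event handler attribute", re.compile(r"\son[a-z]+\s*=", re.I)),
    ("javascript: URL", re.compile(r"""(?:href|src|action)\s*=\s*["']?\s*javascript:""", re.I)),
    ("iframe/object/embed element", re.compile(r"<\s*(?:iframe|object|embed)\b", re.I)),
    ("file: URL", re.compile(r"""(?:href|src)\s*=\s*["']?\s*file:""", re.I)),
]


def find_active_content(xdxf_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, pattern_label, excerpt) for every suspicious hit.

    Each line is checked twice: as written and after HTML entity decoding, since
    an XDXF-to-HTML converter that does not re-escape text would render the
    decoded form. A label is reported at most once per line.
    """
    findings: List[Tuple[int, str, str]] = []
    for line_no, line in enumerate(xdxf_text.splitlines(), start=1):
        seen = set()
        for variant in (line, html.unescape(line)):
            for label, pattern in PATTERNS:
                match = pattern.search(variant)
                if match and label not in seen:
                    seen.add(label)
                    start = max(0, match.start() - 10)
                    excerpt = variant[start:match.end() + 30].strip()
                    findings.append((line_no, label, excerpt))
    return findings


def is_safe_to_load(xdxf_text: str) -> bool:
    """True when the scan found no active content; the dictionary may be added."""
    return not find_active_content(xdxf_text)


def scan_file(path: str) -> List[Tuple[int, str, str]]:
    """Scan an XDXF file on disk; decoding errors are replaced, not fatal."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return find_active_content(fh.read())


if __name__ == "__main__":
    hits = find_active_content(SAMPLE_XDXF)
    verdict = "SAFE" if not hits else "REJECT"
    print(f"{verdict}: {len(hits)} finding(s)")
    for line_no, label, excerpt in hits:
        print(f"  line {line_no}: {label}: {excerpt}")
```

Run it as-is to see the constructed sample rejected with three findings (a script element on one line, an event handler and a javascript: URL on the next), or call `scan_file()` on a downloaded dictionary before adding it to GoldenDict. The pattern list errs on the side of false positives: a legitimate dictionary has no reason to carry scripts, event handlers or javascript: links, so any hit is grounds to reject the file rather than to try to clean it.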
Proof-of-Concept
PoC will be added to this page within 90 days of the vulnerability being published, or sooner if an official patch is published by the vendor.