CVE-2025-55174 is a vulnerability identified in KDE Skanpage, a scanning application commonly used on Linux desktops, prior to version 25.08.0. The root cause lies in the incorrect use of the Qt framework's file handling mode: the application uses QIODevice::ReadWrite instead of QIODevice::WriteOnly when overwriting files. This improper provision of specified functionality (CWE-684) results in a file overwrite operation that does not fully replace the old file's contents. Instead, the new file begins with the new data but is followed by residual data from the previous file, causing partial data leakage. This behavior can inadvertently expose fragments of previously stored information, potentially leading to confidentiality breaches. The vulnerability has a CVSS 3.1 base score of 3.2, reflecting low severity. The attack vector is local (AV:L), requiring the attacker to have local access to the system. The attack complexity is high (AC:H), meaning exploitation is not straightforward. No privileges are required (PR:N), and no user interaction is necessary (UI:N). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact is limited to confidentiality (C:L), with no impact on integrity (I:N) or availability (A:N). There are no known exploits in the wild, and no patches were linked at the time of this report, but it is expected that KDE will release a fix in subsequent versions. The vulnerability is primarily a concern for users who handle sensitive scanned documents and rely on Skanpage for file management. Improper file overwrite could lead to unintended data disclosure if old file fragments are exposed.

For European organizations, the impact of CVE-2025-55174 is primarily related to confidentiality risks due to potential leakage of residual data from previously saved files. While the vulnerability does not affect data integrity or system availability, the exposure of partial old file contents could lead to inadvertent disclosure of sensitive information, especially in environments handling confidential scanned documents such as legal, healthcare, or governmental sectors. The requirement for local access and high attack complexity limits the risk to insider threats or attackers with physical or remote desktop access to affected machines. Organizations relying on KDE Skanpage for document scanning and management on Linux desktops should be aware of this vulnerability. Although the severity is low, failure to address it could undermine data privacy compliance obligations under regulations such as GDPR if sensitive data is exposed. The lack of known exploits reduces immediate risk, but proactive mitigation is advisable to prevent future exploitation.

1. Update KDE Skanpage to version 25.08.0 or later as soon as the patch addressing CVE-2025-55174 is released by KDE. 2. Until patching is possible, restrict local access to systems running vulnerable versions of Skanpage to trusted users only. 3. Implement strict file handling policies to ensure scanned documents are saved securely and old files are securely deleted or overwritten using tools that guarantee complete data erasure. 4. Conduct audits of scanning workflows and file storage practices to detect any instances of residual data leakage. 5. Educate users about the risks of local file manipulation vulnerabilities and encourage use of encrypted storage for sensitive scanned documents. 6. Monitor KDE security advisories and community forums for updates or unofficial patches. 7. Consider alternative scanning solutions temporarily if KDE Skanpage cannot be updated promptly and sensitive data handling is critical. 8. Employ endpoint security measures to detect unauthorized local access attempts that could exploit this vulnerability.