How to fix CVE-2025-10729?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.

Is Memory Corruption affected by CVE-2025-10729?

CVE-2025-10729 presents critical security risk, a use-after-free vulnerability rated CVSS 9.4. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

CVE-2025-10729

EUVD-2025-32489 CRITICAL

2025-10-03 a59d8014-47c4-4630-ab43-e1b13cbe58e3

9.4

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/RE:H/U:Red

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 13, 2026 - 19:29 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 19:29 euvd

EUVD-2025-32489

CVE Published

Oct 03, 2025 - 16:16 nvd

CRITICAL 9.4

Description

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

Analysis

Use-after-free in SVG pattern parsing — pattern node deleted but accessed later.

Technical Context

CWE-416.

Affected Products

['Affected SVG renderer']

Remediation

Apply fix.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +47

POC: 0

Vendor Status

Ubuntu

Priority: Medium

qt6-svg

Release	Status	Version
jammy	needs-triage	-
noble	needs-triage	-
upstream	needs-triage	-
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

qtsvg-opensource-src

Release	Status	Version
bionic	needed	-
focal	needed	-
jammy	needed	-
noble	needed	-
upstream	released	6.10.0
xenial	needed	-
plucky	ignored	end of life, was needed
questing	needed	-

Debian

Bug #1117445

qt6-svg

Release	Status	Fixed Version	Urgency
bookworm	vulnerable	6.4.2-2	-
trixie	vulnerable	6.8.2-3	-
forky, sid	vulnerable	6.9.2-5	-
(unstable)	fixed	(unfixed)	-

qtsvg-opensource-src

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	5.15.2-3	-
bookworm	vulnerable	5.15.8-3	-
trixie	vulnerable	5.15.15-2	-
forky, sid	vulnerable	5.15.17-3	-
(unstable)	fixed	(unfixed)	-

CVE-2025-10729 vulnerability details – vuln.today

Back

CVE-2025-10729

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-10729

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code