KDE Dolphin Improper File Handling in Flatpak Sandboxes Allowing Sandbox Escape
Vulnerability
A vulnerability in KDE Dolphin versions prior to 25.12.3 allows applications running inside a Flatpak sandbox or under AppArmor confinement to access folders outside of their designated sandbox. The issue arises from Dolphin's handling of the FileManager1 protocol, which can be exploited to open scripts or executables without proper oversight. Dolphin typically prompts users before executing such files, but the expected behavior is to block these actions altogether.
Impact
Exploitation of this vulnerability could lead to unauthorized access to the user's file system outside the application sandbox, potentially allowing malicious scripts or executables to be executed with the user's privileges.
Remediation
Users can update to KDE Dolphin version 25.12.3 or later. Alternatively, the vulnerability can be addressed by applying a specific patch available in the KDE Dolphin GitLab repository.
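To prioritize the update on Flatpak systems, the following added example (not part of the original advisory or of KDE's code) parses the output of `flatpak info --show-permissions <app-id>` and reports which apps can call the `org.freedesktop.FileManager1` D-Bus name. It assumes exposure is limited to apps whose session-bus policy reaches that name; the app IDs and metadata are constructed samples, and AppArmor-confined applications are not covered.

```python
import configparser

TARGET = "org.freedesktop.FileManager1"  # well-known D-Bus name of the interface

def _matches(pattern, name):
    # Flatpak bus policies accept a trailing ".*" wildcard.
    if pattern.endswith(".*"):
        prefix = pattern[:-2]
        return name == prefix or name.startswith(prefix + ".")
    return pattern == name

def filemanager1_access(metadata_text):
    """Return why the app can call FileManager1, or None if it cannot."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # D-Bus names are case-sensitive
    cp.read_string(metadata_text)
    # socket=session-bus bypasses the filtering proxy entirely.
    if "session-bus" in cp.get("Context", "sockets", fallback="").split(";"):
        return "unfiltered session bus"
    if cp.has_section("Session Bus Policy"):
        for pattern, policy in cp.items("Session Bus Policy"):
            # "see" only makes the name visible; "talk"/"own" allow calls.
            if policy in ("talk", "own") and _matches(pattern, TARGET):
                return f"{policy} on {pattern}"
    return None

# Constructed sample output of `flatpak info --show-permissions <app-id>`;
# the app IDs are hypothetical.
SAMPLES = {
    "org.example.Editor": "[Context]\nsockets=wayland;\n\n"
        "[Session Bus Policy]\norg.freedesktop.FileManager1=talk\n",
    "org.example.Chat": "[Context]\nsockets=x11;session-bus;\n",
    "org.example.Wild": "[Context]\nsockets=wayland;\n\n"
        "[Session Bus Policy]\norg.freedesktop.*=talk\n",
    "org.example.Viewer": "[Context]\nsockets=wayland;\n\n"
        "[Session Bus Policy]\norg.freedesktop.Notifications=talk\n"
        "org.freedesktop.FileManager1=see\n",
}

def audit(samples):
    """Map each app ID to its access reason, keeping only exposed apps."""
    hits = {app: filemanager1_access(text) for app, text in samples.items()}
    return {app: why for app, why in hits.items() if why}

if __name__ == "__main__":
    for app, why in audit(SAMPLES).items():
        print(f"{app}: can reach {TARGET} ({why})")
```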
