CVE-2025-55014 MEDIUM

CVE-2025-55014

Vendor Stardict
Product StarDict
Weakness CWE-402
Published August 4, 2025
Last update November 4, 2025

CVSS base score

4.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.

Key dates

02Disclosure timeline

August 4, 2025 CVE published
November 4, 2025 Record updated