CVE-2025-14575

Summary

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory.

Affected Software

VendorProductVersion RangeStatus
The Qt CompanyQt5.0.0 <= 5.15.19affected
The Qt CompanyQt6.0.0 <= 6.5.9affected
The Qt CompanyQt6.6.0 <= 6.8.3affected
The Qt CompanyQt6.9.0 <= 6.9.1affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References