Uncontrolled Search Path Element Vulnerability in OpenSSL TLS Backend of Qt Framework
CVE-2025-14575

1.8LOW

Key Information:

Status
Vendor
CVE Published:
19 May 2026

What is CVE-2025-14575?

The vulnerability in the OpenSSL TLS backend of the Qt Framework permits local attackers to exploit an uncontrolled search path element. By placing a crafted CA certificate file in the application's working directory, the attacker can load a rogue certificate, thereby allowing them to manipulate the trust settings of the application. This presents significant risks to the integrity and confidentiality of data handled by Qt-based applications.

Affected Version(s)

Qt Linux 5.0.0 <= 5.15.19

Qt Linux 6.0.0 <= 6.5.9

Qt Linux 6.6.0 <= 6.8.3

References

CVSS V4

Score:
1.8
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.