Uncontrolled Search Path Element Vulnerability in OpenSSL TLS Backend of Qt Framework
CVE-2025-14575
1.8LOW
What is CVE-2025-14575?
The vulnerability in the OpenSSL TLS backend of the Qt Framework permits local attackers to exploit an uncontrolled search path element. By placing a crafted CA certificate file in the application's working directory, the attacker can load a rogue certificate, thereby allowing them to manipulate the trust settings of the application. This presents significant risks to the integrity and confidentiality of data handled by Qt-based applications.
Affected Version(s)
Qt Linux 5.0.0 <= 5.15.19
Qt Linux 6.0.0 <= 6.5.9
Qt Linux 6.6.0 <= 6.8.3
