Incomplete Cleanup Vulnerability in Qt Network Schannel on Windows
CVE-2025-6338

9.2CRITICAL

Key Information:

Vendor: The Qt Company
Status: Qt
Vendor: CVE Published:; 16 October 2025

🔔 Create The Qt Company Vulnerability Alert

What is CVE-2025-6338?

This vulnerability arises from an incomplete cleanup in the Schannel support of Qt Network on Windows, which can potentially lead to Denial of Service after extended periods of operation. Affected versions include those from Qt 5.15.0 to 6.8.3 and 6.9.0 prior to 6.9.2. Users of these versions should apply necessary patches to mitigate the security risk.

Affected Version(s)

Qt Windows 5.15.0 <= 6.8.3

Qt Windows 6.9.0 < 6.9.2

Qt Windows 0 < 5.15.0

References

https://codereview.qt-project.org/c/qt/qtbase/+/651495

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2025
Vulnerability Reserved
Jun 19, 2025

JSON