CVE-2025-14575
Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory.
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
The Qt Company · QtWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →