CVE-2025-14575

UNKNOWN 0.0

Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory.

CWE	CWE-427
Vendor	the qt company
Product	qt
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for the qt company qt

Be the first to know when new unknown vulnerabilities affecting the qt company qt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The Qt Company / Qt

5.0.0 ≤ 5.15.19 6.0.0 ≤ 6.5.9 6.6.0 ≤ 6.8.3 6.9.0 ≤ 6.9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

codereview.qt-project.org: https://codereview.qt-project.org/c/qt/qtbase/+/642967