CVE-2025-14575 LOW

CVE-2025-14575: Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading

Vendor The Qt Company
Product Qt
Weakness CWE-427
Published May 19, 2026
Last update May 19, 2026

CVSS base score

1.8/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory.

Key dates

02Disclosure timeline

May 19, 2026 CVE published
May 19, 2026 Record updated