CVE-2025-6338 CRITICAL

CVE-2025-6338: Possible denial of service with multiple incoming connections to a Schannel based server with a TLS backend

Vendor The Qt Company
Product Qt
Weakness CWE-459
Published October 16, 2025
Last update October 16, 2025

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

01Description

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.

Key dates

02Disclosure timeline

October 16, 2025 CVE published
October 16, 2025 Record updated