QwikSec

Security Database

CVE

CWE

Training

CVE-2025-14575

Published: May 19, 2026

Modified: May 19, 2026

PUBLISHED

Description

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory.

Vendor	Product	Versions
The Qt Company	Qt	affected `5.0.0 - <= 5.15.19` affected `6.0.0 - <= 6.5.9` affected `6.6.0 - <= 6.8.3` affected `6.9.0 - <= 6.9.1`

Weaknesses (CWE)

References

Gerrit: QSslCertificate::fromPath — reject empty path strings (Qt 6.9.2+)

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.