CVE-2025-54310

MEDIUM EPSS 31.7%
Published Jul 18, 202511mo ago ยท Modified Jun 17, 20262w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Jul 18, 2025 11mo ago
Last Modified Jun 17, 2026 2w ago

Description

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
31.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-669

Affected Products 1

VendorProductVersionRange
qbittorrentqbittorrent* <5.1.2

References 3

  • github.com https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab
    Patch
  • github.com https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971
    Patch
  • qbittorrent.org https://www.qbittorrent.org/news#wed-jul-02nd-2025---qbittorrent-v5.1.2-release
    Release Notes

Remediation

  • github.com https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab
    Patch
  • github.com https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971
    Patch