CVE-2025-54310

Name

CVE-2025-54310

Description

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
cve@mitre.org	https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab
cve@mitre.org	https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971
cve@mitre.org	https://www.qbittorrent.org/news#wed-jul-02nd-2025---qbittorrent-v5.1.2-release

Match rules

CPE URI	Source package	Min version	Max version
	qbittorrent	>= 0	< 5.1.2
`cpe:2.3:a:qbittorrent:qbittorrent::::::::`	qbittorrent	>= None	< 5.1.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
qbittorrent	edge-community	5.0.2-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	edge-community	5.0.3-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	edge-community	5.0.4-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	edge-community	5.0.5-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	edge-community	5.1.0-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	edge-community	5.1.1-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	3.22-community	5.0.2-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable
qbittorrent	3.22-community	5.1.0-r0	Simon Zeni <simon@bl4ckb0ne.ca>	possibly vulnerable