CVE-2025-54310

low-risk
Published 2025-07-18

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.0/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Qbittorrent

Affected Vendors

Qbittorrent

References (3)

Patch https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611...
Patch https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d...
Release Notes https://www.qbittorrent.org/news#wed-jul-02nd-2025---qbittorrent-v5.1.2-release
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal