CVE-2025-54310

MEDIUM

qBittorrent <5.1.2 - Info Disclosure

Title source: llm

Description

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.

References (3)

[Patch] https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab

View Patch ZIP pw:eip

[Patch] https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971

[Release Notes] https://www.qbittorrent.org/news#wed-jul-02nd-2025---qbittorrent-v5.1.2-release

Scores

CVSS v3 4.0

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-669

Status published

Products (1)

qbittorrent/qbittorrent < 5.1.2

Published Jul 18, 2025

Tracked Since Feb 18, 2026