CVE-2025-54310
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-10-09
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qbittorrent | qbittorrent | up to 5.1.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-669 | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in qBittorrent before version 5.1.2 allows the application to open local file URLs when it expects web page URLs, specifically in the RSS and Search modules. This means that if a malicious link referencing a local file is provided, qBittorrent could open that local file unintentionally, potentially exposing local system files or enabling malicious behavior. The issue arises because the application did not check whether URLs were local files before opening them. [1, 3]
How can this vulnerability impact me?
The vulnerability can lead to unintended access to local files on your system through qBittorrent when opening URLs from RSS feeds or search results. This could expose sensitive local data or be exploited by attackers to trick the application into opening malicious local files. It may also cause security risks by allowing local file inclusion attacks, potentially compromising your system's security or privacy. [1, 3, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves qBittorrent opening local file URLs from RSS feeds or search results. Detection can focus on monitoring qBittorrent's behavior for attempts to open local file URLs. Since the patched version logs warnings and shows user dialogs when such URLs are blocked, you can check qBittorrent logs for warning messages related to blocked local file URL openings. Additionally, network monitoring tools can be used to detect unusual local file access attempts initiated by qBittorrent. However, no specific commands are provided in the resources for direct detection. [3]
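As an added example (not from the advisory or the qBittorrent project), the Python script below audits a saved RSS or Atom feed for item links that use the `file:` scheme, the kind of URL the patched version refuses to open. The names `audit_feed`, `is_local_file` and `SAMPLE_FEED` are hypothetical, and the feed content is constructed sample data.

```python
"""Audit a saved RSS/Atom feed for item links that point at local files.

Added example: function names are hypothetical, SAMPLE_FEED is constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"

# Constructed sample: one ordinary web link, one link using the file: scheme.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>constructed</title>
  <item><title>ok</title><link>https://example.org/a</link></item>
  <item><title>local link</title><link> FILE:///tmp/example.html </link></item>
</channel></rss>"""


def is_local_file(url):
    # urlsplit lowercases the scheme, so FILE: and file: are treated alike.
    return urlsplit(url.strip()).scheme == "file"


def item_urls(item):
    """Yield (field, url) for the article link of an RSS item or Atom entry."""
    for el in item.iter():
        if el.tag == "link" and el.text:
            yield "link", el.text
        elif el.tag == ATOM + "link" and el.get("href"):
            yield "atom:link", el.get("href")


def audit_feed(xml_text):
    """Return (item title, field, url) for every link with the file: scheme."""
    root = ET.fromstring(xml_text)
    items = list(root.iter("item")) + list(root.iter(ATOM + "entry"))
    findings = []
    for item in items:
        title = item.findtext("title") or item.findtext(ATOM + "title") or ""
        for field, url in item_urls(item):
            if is_local_file(url):
                findings.append((title, field, url.strip()))
    return findings


if __name__ == "__main__":
    for title, field, url in audit_feed(SAMPLE_FEED):
        print(f"local file URL in {field} of item {title!r}: {url}")
```
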
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade qBittorrent to version 5.1.2 or later, which includes patches that prevent opening local file URLs from RSS feeds and search results. The patch adds checks using QUrl::isLocalFile() to block local file URLs, logs warnings, and notifies users via warning dialogs. Ensuring you are running the updated version will protect against exploitation of this vulnerability. [1, 2, 3]