{"id":"CVE-2025-54310","details":"qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.","modified":"2026-04-12T17:04:17.471225Z","published":"2025-07-18T20:15:24.880Z","references":[{"type":"ADVISORY","url":"https://www.qbittorrent.org/news#wed-jul-02nd-2025---qbittorrent-v5.1.2-release"},{"type":"FIX","url":"https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab"},{"type":"FIX","url":"https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qbittorrent/qbittorrent","events":[{"introduced":"0"},{"fixed":"202ff8a099cfc1ca9421e7d30944b3c58a4a47cd"},{"fixed":"6ad073e0bc26c1f9d3530490ece611b49f5bfcab"},{"fixed":"ad68813fe879ba245a4f41f105ed8d2114a92971"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.1.2"}]}}],"versions":["release-2.9.0","release-3.0.0","release-4.4.0beta1","release-4.4.0beta2","release-4.4.0beta3","release-4.4.0rc1","release-4.5.0beta1","release-4.6.0alpha1","release-4.6.0beta1","release-5.0.0beta1","release-5.1.0","release-5.1.0beta1","release-5.1.0rc1","release-5.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54310.json","vanir_signatures_modified":"2026-04-12T17:04:17Z","vanir_signatures":[{"target":{"function":"SearchJobWidget::openTorrentPages","file":"src/gui/search/searchjobwidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971","deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2025-54310-5803bc0f","digest":{"function_hash":"138802786715730839955768966459997100539","length":439}},{"target":{"file":"src/gui/search/searchjobwidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2025-54310-62564ebd","digest":{"line_hashes":["95558920530198792454151008355000195288","5001866681895699593566901695931119380","100994219653624636308069646097256937002","49863509691011042774862574727915873711","97093799178266640893762770216375007746","97472157267270118416137799571426632633","278155455618710007848830884730697026409","88207139646758846809822822522295852126","261848349017026793567155936190285446027","95486486489810117168879688884467380914","35368925568324369595192546507552514099","50232612811300508825109820765496611773","119396936627957690719588162143119723926","72081544618212491159928273087549985931","309201436302130584096297314558393136746","319464683015426785281739920028322297772","260257065224864748231111170588824848971","321500637527967035661747997118780964573","296016115417435575024431517320024348320"],"threshold":0.9}},{"target":{"file":"src/gui/rss/rsswidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2025-54310-715c3e6c","digest":{"line_hashes":["68728376690902099336365810538603156581","26260642516438001030183041098577103644","102128571850212609236462985311163147953","194181878597671201508828912725990268751","20666373588885890660373635682932128933","148371100568588227419448058927996475105","117261939586402181074154571547478732574","81081412010834162993083592657624623047","293406834414433627247848606041098122954","284614900114115370390904450186025667887","65827114580948443149659856357722242717","291691855856101520107442990032075508468","203808889636923107900233795182936758584","243050971497233302160790765839831498037","193487378977030477396382980458771470146"],"threshold":0.9}},{"target":{"function":"Article::Article","file":"src/base/rss/rss_article.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971","deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2025-54310-726c4b7a","digest":{"function_hash":"301926350662493314695088555241580333113","length":594}},{"target":{"file":"src/base/rss/rss_article.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2025-54310-73817e1e","digest":{"line_hashes":["145080922346517743903619941508639774995","338001212509107691856735900797235854345","47910511190117594556075322792177625354","291731237667081766853523669950489691641","255646247453904992219371038902124421295","119983975417531922181830730802623983979","14437637493227585712130777680917411239","128133631465293813337231894255637056599","196490258393029374783013554138591110774","176504335796486733553987758953417832621","6784980149871418420617610272024518518","107959401937503987108418951239165383166","331102849556029111243772079158461628485"],"threshold":0.9}},{"target":{"function":"SearchJobWidget::openTorrentPages","file":"src/gui/search/searchjobwidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab","deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2025-54310-8ee451fd","digest":{"function_hash":"204167393048500157166842308467646833310","length":476}},{"target":{"function":"convertRelativeUrlToAbsolute","file":"src/gui/rss/rsswidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971","deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2025-54310-a6262b9b","digest":{"function_hash":"330328971771786546646053983983148934331","length":22147}},{"target":{"file":"src/gui/rss/rsswidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2025-54310-afc88502","digest":{"line_hashes":["297988781314272732375791699200458516869","188832928718134892178979830777865757246","236432569853396212202576737489370359100","86328552859383770294085029106295358577","133162837302398120548294262781795664560"],"threshold":0.9}},{"target":{"file":"src/gui/search/searchjobwidget.h"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2025-54310-c0f65b95","digest":{"line_hashes":["282924420076041234534654236615595483383","171525544260455909283727205420799920906","41143877064840224378970540174530754323","57905903907017373579704005255520092745"],"threshold":0.9}},{"target":{"function":"convertRelativeUrlToAbsolute","file":"src/gui/rss/rsswidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab","deprecated":false,"signature_version":"v1","signature_type":"Function","id":"CVE-2025-54310-f3ad0214","digest":{"function_hash":"79724609382970413884995056648569815449","length":22194}},{"target":{"file":"src/gui/search/searchjobwidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971","deprecated":false,"signature_version":"v1","signature_type":"Line","id":"CVE-2025-54310-f9baad80","digest":{"line_hashes":["64505947922273471429957629557498945547","84134351535044497124571628718044752506","283330862131649795940952270420488237706","19653739592325802418486238508981502178","72081544618212491159928273087549985931","22801712344808117815412541940872399272","201537616343492700405096562128351990459","273877317529559182656095495664074862374","248500368989451640540980727692232982185","294286590824444234840905889836186882864"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}