{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14576", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "state": "PUBLISHED", "assignerShortName": "TQtC", "dateReserved": "2025-12-12T12:52:21.516Z", "datePublished": "2026-04-30T12:39:40.067Z", "dateUpdated": "2026-04-30T13:14:04.728Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2026-04-30T12:51:40.517Z"}, "title": "Possible QML code injection in VectorImage component", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "affected": [{"vendor": "The Qt Company", "product": "Qt", "platforms": ["Windows", "MacOS", "Linux", "iOS", "Android", "x86", "ARM", "64 bit", "32 bit"], "collectionURL": "https://www.qt.io/", "packageName": "qtdeclarative", "modules": ["Qt Declarative (Qt Quick)", "VectorImage Component"], "versions": [{"status": "affected", "version": "6.8.0", "lessThanOrEqual": "6.8.6", "versionType": "python"}, {"status": "affected", "version": "6.10.0", "lessThanOrEqual": "6.10.1", "versionType": "python"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "versionStartIncluding": "6.8.0", "versionEndIncluding": "6.8.6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "versionStartIncluding": "6.10.0", "versionEndIncluding": "6.10.1"}]}]}], "descriptions": [{"lang": "en", "value": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.</p>"}]}], "references": [{"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273", "name": "Qt Code Review - Fix for QTBUG-142556", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U"}}], "solutions": [{"lang": "en", "value": "Update to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Update to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.</p>"}]}], "credits": [{"lang": "en", "value": "Qt Development Team", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-30T13:13:55.418329Z", "id": "CVE-2025-14576", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-30T13:14:04.728Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14576", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-30T13:13:55.418329Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-30T13:13:59.958Z"}}], "cna": {"title": "Possible QML code injection in VectorImage component", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Qt Development Team"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.4, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "The Qt Company", "modules": ["Qt Declarative (Qt Quick)", "VectorImage Component"], "product": "Qt", "versions": [{"status": "affected", "version": "6.8.0", "versionType": "python", "lessThanOrEqual": "6.8.6"}, {"status": "affected", "version": "6.10.0", "versionType": "python", "lessThanOrEqual": "6.10.1"}], "platforms": ["Windows", "MacOS", "Linux", "iOS", "Android", "x86", "ARM", "64 bit", "32 bit"], "packageName": "qtdeclarative", "collectionURL": "https://www.qt.io/", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.", "supportingMedia": [{"type": "text/html", "value": "<p>Update to Qt 6.8.7 or Qt 6.10.2 or later. As a temporary mitigation, validate and sanitize all SVG files before loading them with VectorImage, or only load SVG files from trusted sources.</p>", "base64": false}]}], "references": [{"url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273", "name": "Qt Code Review - Fix for QTBUG-142556", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.", "supportingMedia": [{"type": "text/html", "value": "<p>Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.8.6", "versionStartIncluding": "6.8.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:windows:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:macos:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:linux:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:ios:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:android:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:x86:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:arm:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:64_bit:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}, {"criteria": "cpe:2.3:a:the_qt_company:qt:*:*:32_bit:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "6.10.1", "versionStartIncluding": "6.10.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "shortName": "TQtC", "dateUpdated": "2026-04-30T12:51:40.517Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14576", "state": "PUBLISHED", "dateUpdated": "2026-04-30T13:14:04.728Z", "dateReserved": "2025-12-12T12:52:21.516Z", "assignerOrgId": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "datePublished": "2026-04-30T12:39:40.067Z", "assignerShortName": "TQtC"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*", "matchCriteriaId": "06BB3954-EACC-4FD9-B24D-88CBC2043FC3", "versionEndExcluding": "6.8.6", "versionStartIncluding": "6.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D670C7-EF6F-468E-AD32-31F9169A8A20", "versionEndExcluding": "6.10.1", "versionStartIncluding": "6.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access."}], "id": "CVE-2025-14576", "lastModified": "2026-05-05T02:57:05.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}]}, "published": "2026-04-30T13:16:02.850", "references": [{"source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "tags": ["Patch"], "url": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273"}], "sourceIdentifier": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-94"}], "source": "a59d8014-47c4-4630-ab43-e1b13cbe58e3", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}