
Byte Open Security

(ByteOS Network)

NVD Vulnerability Details: CVE-2025-14576
Analyzed
Source: a59d8014-47c4-4630-ab43-e1b13cbe58e3
Published At: 30 Apr, 2026 | 13:16
Updated At: 05 May, 2026 | 02:57

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 7.4
Base severity: HIGH
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

qt >> qtdeclarative >> Versions from 6.8.0 (inclusive) to 6.8.6 (exclusive)
cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*

qt >> qtdeclarative >> Versions from 6.10.0 (inclusive) to 6.10.1 (exclusive)
cpe:2.3:a:qt:qtdeclarative:*:*:*:*:*:*:*:*

Weaknesses
CWE ID: CWE-20
Type: Secondary
Source: a59d8014-47c4-4630-ab43-e1b13cbe58e3

CWE ID: CWE-94
Type: Secondary
Source: a59d8014-47c4-4630-ab43-e1b13cbe58e3

CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov

References
Hyperlink: https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273
Source: a59d8014-47c4-4630-ab43-e1b13cbe58e3
Resource: Patch

Change History
0 Changes found