Possible QML code injection in VectorImage component_CVE-2025-14576

7.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U

Description

Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.

Basic Information

ID CVE-2025-14576

Source TQtC

Published Apr 30, 2026 at 12:39

Modified Apr 30, 2026 at 13:14

Affected Product

Vendor The Qt Company

Product Qt

Version 6.8.0

Affected Versions The Qt Company Qt 6.8.0
The Qt Company Qt 6.10.0

CWE Classification

CWE-94 CWE-20

References

codereview.qt-project.org /c/qt/qtdeclarative/+/697273

{
    "lastseen": "",
    "description": "Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of service, information disclosure, or other impacts depending on the application's privilege level and data access.",
    "published": "2026-04-30T12:39:40.067Z",
    "modified": "2026-04-30T13:14:04.728Z",
    "type": "cve",
    "title": "Possible QML code injection in VectorImage component",
    "source": "TQtC",
    "references": "https://codereview.qt-project.org/c/qt/qtdeclarative/+/697273",
    "id": "CVE-2025-14576",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94",
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "The Qt Company Qt 6.8.0\nThe Qt Company Qt 6.10.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Qt",
    "version": "6.8.0",
    "vendor": "The Qt Company",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}