CVE-2025-54310 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
mitre	CNA	4 MEDIUM				CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Vendor	Product	Version
qbittorrent	qbittorrent	𝑥 < 5.1.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qbittorrent

bullseye	postponed
bookworm	no-dsa
trixie	5.1.0-2 fixed
forky	5.1.4-dmo1 fixed
sid	5.1.4-dmo1 fixed

Common Weakness Enumeration

CWE-669 - Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References

https://github.com/qbittorrent/qBittorrent/commit/6ad073e0bc26c1f9d3530490ece611b49f5bfcab

https://github.com/qbittorrent/qBittorrent/commit/ad68813fe879ba245a4f41f105ed8d2114a92971

https://www.qbittorrent.org/news#wed-jul-02nd-2025---qbittorrent-v5.1.2-release