Primary

Context

qBittorrent Local File Access Vulnerability in RSS and Search Widgets

Vulnerability

Patched

A vulnerability in qBittorrent versions prior to 5.1.2 allows local files to be accessed through links in the RSS and Search widgets. The issue arises because the application does not properly validate or block access to local file URLs, potentially leading to unintended file exposure or manipulation.

Impact

Exploitation of this vulnerability could result in unauthorized access to local files, which may be sensitive or private in nature.

Reproduction

The vulnerability can be reproduced by adding an RSS feed or using the Search feature in qBittorrent prior to version 5.1.2. When a link to a local file is included in the feed or search results, qBittorrent will open the file without any warning or validation, bypassing normal security measures.

Remediation

Users can update to qBittorrent version 5.1.2 or later, where this vulnerability has been fixed.

Added: Jul 18, 2025, 8:19 PM

Updated: Jul 18, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

5.4

remediation

7.7

relevance

0.3

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.0

exploitability

5.4

remediation

7.7

relevance

0.3

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

qBittorrent Local File Access Vulnerability in RSS and Search Widgets

Vulnerability

Impact

Reproduction

Remediation

Affected Products

qBittorrent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating