CVE-2025-14576

high Red Hat
CVSS v3 Base Score
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: April 30, 2026 (70 days ago)
Last Modified: April 30, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

A flaw was found in the Qt SVG module and the VectorImage component in Qt Quick. This vulnerability allows a remote attacker to inject arbitrary QML/JavaScript code by tricking a user into loading a specially crafted malicious SVG file. Successful exploitation could lead to denial of service, information disclosure, or other impacts, depending on the application's privileges and data access.

CWE

CWE-94

Affected Products

Multicluster Global HubRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4Red Hat OpenShift GitOpsRed Hat Enterprise Linux 10Red Hat Hardened Images

Fix Status

✅ Fix Available

References