{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/certificate-authority/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["openssl","tls","certificate authority","man-in-the-middle","path traversal"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2025-14575 is an uncontrolled search path element vulnerability residing in the Qt Network component\u0026rsquo;s OpenSSL TLS backend. This flaw allows an attacker to introduce a rogue Certificate Authority (CA) certificate into the system\u0026rsquo;s trust store by manipulating the search path used by Qt to load CA certificates. By exploiting this vulnerability, a malicious actor could potentially intercept and decrypt TLS-protected traffic, conduct man-in-the-middle attacks, and compromise sensitive communications. The vulnerability impacts applications utilizing the vulnerable Qt Network component, particularly those that rely on TLS for secure communication. Defenders should prioritize patching to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable application utilizing the Qt Network component with the flawed OpenSSL TLS backend.\u003c/li\u003e\n\u003cli\u003eAttacker gains write access to a directory within the application\u0026rsquo;s or system\u0026rsquo;s search path for CA certificates.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a rogue CA certificate and places it in the attacker-controlled directory within the search path. The rogue certificate is designed to be trusted by the vulnerable application.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application, when initiating a TLS connection, searches for trusted CA certificates using the flawed search path.\u003c/li\u003e\n\u003cli\u003eThe application loads the attacker\u0026rsquo;s rogue CA certificate from the compromised directory.\u003c/li\u003e\n\u003cli\u003eThe application trusts certificates signed by the rogue CA, enabling the attacker to intercept TLS traffic.\u003c/li\u003e\n\u003cli\u003eAttacker initiates a man-in-the-middle attack by presenting a certificate signed by the rogue CA to the victim application.\u003c/li\u003e\n\u003cli\u003eThe victim application, trusting the rogue CA, accepts the attacker\u0026rsquo;s certificate, allowing the attacker to decrypt and potentially modify the TLS-protected communication.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-14575 can lead to significant security breaches, including the interception of sensitive data transmitted over TLS. This can impact a wide range of applications, including web browsers, email clients, and other network-aware software. The consequences include data theft, credential compromise, and potential reputational damage for affected organizations. The number of potential victims is directly related to the number of applications utilizing the vulnerable Qt Network component.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to address CVE-2025-14575 on systems using the vulnerable Qt Network OpenSSL TLS backend, as referenced in the advisory URL.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious CA Certificate Loading via Modified Path\u0026rdquo; to identify potential exploitation attempts targeting this vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for applications loading CA certificates from unusual or unexpected locations in the filesystem, as this could indicate an attempt to exploit CVE-2025-14575.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-23T07:18:31Z","date_published":"2026-05-23T07:18:31Z","id":"https://feed.craftedsignal.io/briefs/2026-05-qt-openssl-path-vuln/","summary":"CVE-2025-14575 describes an uncontrolled search path element vulnerability in the Qt Network OpenSSL TLS backend, allowing for the loading of rogue CA certificates, potentially leading to man-in-the-middle attacks.","title":"CVE-2025-14575 Qt Network OpenSSL TLS Backend Uncontrolled Search Path Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-qt-openssl-path-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Certificate Authority","version":"https://jsonfeed.org/version/1.1"}