PT-2024-7929 · Unknown+3 · qBittorrent+3

Published: 2024-10-12 · Updated: 2025-07-04 · CVE-2024-51774

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

qBittorrent versions prior to 5.0.1

Description

The issue is improper SSL/TLS certificate validation in qBittorrent, which allows an attacker to perform a man-in-the-middle attack. A remote attacker could use this to compromise the confidentiality and integrity of data. The vulnerability stems from qBittorrent continuing to use HTTPS URLs even after certificate validation errors.

Recommendations

For qBittorrent versions prior to 5.0.1, update to version 5.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of HTTPS URLs that fail certificate validation to minimize the risk of exploitation. Restrict access to sensitive data and networks to prevent potential compromise.

Exploit

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALT-PU-2025-8573
BDU:2024-09433
CVE-2024-51774
OPENSUSE-SU-2024:0358-1
OPENSUSE-SU-2024:14459-1
ROSA-SA-2025-2573

Affected Products

ALT Linux
Debian
RED OS
qBittorrent