CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1903 vulnerabilities reference this CWE, most recent first.
CVE-2025-58781 (GCVE-0-2025-58781)
Vulnerability from cvelistv5 – Published: 2025-09-12 05:50 – Updated: 2025-09-12 16:30- CWE-295 - Improper certificate validation
| Vendor | Product | Version | |
|---|---|---|---|
| Wireless Tsukamoto Co., Ltd. | WTW-EAGLE App for iOS |
Affected:
prior to 4.4.1
|
|
| Wireless Tsukamoto Co., Ltd. | WTW-EAGLE App for Android |
Affected:
prior to 4.4.0.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T16:29:54.152971Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T16:30:11.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WTW-EAGLE App for iOS",
"vendor": "Wireless Tsukamoto Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 4.4.1"
}
]
},
{
"product": "WTW-EAGLE App for Android",
"vendor": "Wireless Tsukamoto Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "prior to 4.4.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper certificate validation",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T05:50:51.104Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://apps.apple.com/jp/app/wtw-eagle/id1365998037?uo=4"
},
{
"url": "https://play.google.com/store/apps/details?id=com.generalcomp.wtw"
},
{
"url": "https://jvn.jp/en/jp/JVN89109713/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-58781",
"datePublished": "2025-09-12T05:50:51.104Z",
"dateReserved": "2025-09-05T05:23:28.373Z",
"dateUpdated": "2025-09-12T16:30:11.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58127 (GCVE-0-2025-58127)
Vulnerability from cvelistv5 – Published: 2025-08-28 12:59 – Updated: 2025-08-28 13:12- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://exchange.checkmk.com/p/powerscale | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58127",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:12:23.271691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:12:57.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.checkmk.com/packages",
"defaultStatus": "affected",
"packageName": "Dell Powerscale"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Eberstaller (Limes Security)"
},
{
"lang": "en",
"type": "finder",
"value": "Jakob Hartmann (Limes Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic."
}
],
"impacts": [
{
"capecId": "CAPEC-384",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T12:59:36.596Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"product"
],
"url": "https://exchange.checkmk.com/p/powerscale"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS validation in plugin Dell Powerscale on Checkmk Exchange"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2025-58127",
"datePublished": "2025-08-28T12:59:36.596Z",
"dateReserved": "2025-08-25T11:50:49.623Z",
"dateUpdated": "2025-08-28T13:12:57.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58126 (GCVE-0-2025-58126)
Vulnerability from cvelistv5 – Published: 2025-08-28 12:59 – Updated: 2025-08-28 13:14- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://exchange.checkmk.com/p/vsan | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:14:02.644892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:14:16.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.checkmk.com/packages",
"defaultStatus": "affected",
"packageName": "VMware vSAN"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Eberstaller (Limes Security)"
},
{
"lang": "en",
"type": "finder",
"value": "Jakob Hartmann (Limes Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic."
}
],
"impacts": [
{
"capecId": "CAPEC-384",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T12:59:33.842Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"product"
],
"url": "https://exchange.checkmk.com/p/vsan"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS validation in plugin VMware vSAN on Checkmk Exchange"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2025-58126",
"datePublished": "2025-08-28T12:59:33.842Z",
"dateReserved": "2025-08-25T11:50:49.622Z",
"dateUpdated": "2025-08-28T13:14:16.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58125 (GCVE-0-2025-58125)
Vulnerability from cvelistv5 – Published: 2025-08-28 12:59 – Updated: 2025-08-28 13:17- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://exchange.checkmk.com/p/freebox-v6 | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:17:05.269773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:17:25.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.checkmk.com/packages",
"defaultStatus": "affected",
"packageName": "Freebox v6 agent"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Eberstaller (Limes Security)"
},
{
"lang": "en",
"type": "finder",
"value": "Jakob Hartmann (Limes Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic."
}
],
"impacts": [
{
"capecId": "CAPEC-384",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T12:59:31.212Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"product"
],
"url": "https://exchange.checkmk.com/p/freebox-v6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS validation in plugin Freebox v6 agent on Checkmk Exchange"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2025-58125",
"datePublished": "2025-08-28T12:59:31.212Z",
"dateReserved": "2025-08-25T11:50:49.622Z",
"dateUpdated": "2025-08-28T13:17:25.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58124 (GCVE-0-2025-58124)
Vulnerability from cvelistv5 – Published: 2025-08-28 12:59 – Updated: 2025-10-07 09:33- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://exchange.checkmk.com/p/check-mk-api | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:18:29.233374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:18:44.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.checkmk.com/packages",
"defaultStatus": "unaffected",
"packageName": "check-mk-api",
"versions": [
{
"lessThan": "6.1.1",
"status": "affected",
"version": "2.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Eberstaller (Limes Security)"
},
{
"lang": "en",
"type": "finder",
"value": "Jakob Hartmann (Limes Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic."
}
],
"impacts": [
{
"capecId": "CAPEC-384",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T09:33:24.363Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"product"
],
"url": "https://exchange.checkmk.com/p/check-mk-api"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS validation in plugin check-mk-api on Checkmk Exchange"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2025-58124",
"datePublished": "2025-08-28T12:59:28.526Z",
"dateReserved": "2025-08-25T11:50:49.622Z",
"dateUpdated": "2025-10-07T09:33:24.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58123 (GCVE-0-2025-58123)
Vulnerability from cvelistv5 – Published: 2025-08-28 12:59 – Updated: 2025-08-28 13:20- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://exchange.checkmk.com/p/bgp-mon | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:19:11.654054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:20:27.456Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://exchange.checkmk.com/packages",
"defaultStatus": "affected",
"packageName": "BGP Monitoring"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Felix Eberstaller (Limes Security)"
},
{
"lang": "en",
"type": "finder",
"value": "Jakob Hartmann (Limes Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic."
}
],
"impacts": [
{
"capecId": "CAPEC-384",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-384: Application API Message Manipulation via Man-in-the-Middle"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T12:59:25.737Z",
"orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"shortName": "Checkmk"
},
"references": [
{
"tags": [
"product"
],
"url": "https://exchange.checkmk.com/p/bgp-mon"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of TLS validation in plugin BGP Monitoring on Checkmk Exchange"
}
},
"cveMetadata": {
"assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
"assignerShortName": "Checkmk",
"cveId": "CVE-2025-58123",
"datePublished": "2025-08-28T12:59:25.737Z",
"dateReserved": "2025-08-25T11:50:49.622Z",
"dateUpdated": "2025-08-28T13:20:27.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55109 (GCVE-0-2025-55109)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:14 – Updated: 2026-02-26 17:48- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://bmcapps.my.site.com/casemgmt/sc_Knowledge… | vendor-advisory |
| https://bmcapps.my.site.com/casemgmt/sc_Knowledge… | mitigation |
| Vendor | Product | Version | |
|---|---|---|---|
| BMC | Control-M/Agent |
Unaffected:
9.0.21
(semver)
Affected: 9.0.20 (semver) Affected: 9.0.19 (semver) Affected: 9.0.18 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T03:55:55.926080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:32.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Control-M/Agent",
"vendor": "BMC",
"versions": [
{
"status": "unaffected",
"version": "9.0.21",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0.20",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0.19",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.0.18",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Airbus SAS - Jean-Romain Garnier - seclab@airbus.com"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eAn authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.\u003c/p\u003eThe Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIn addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS#12 keystore. A remote attacker with access to a signed third-party or demo certificate for client authentication can bypass the need for a certificate signed by the certificate authority of the organization during authentication on the Control-M/Agent.\n\nThe Control-M/Agent contains hardcoded certificates which are only trusted as fallback if an empty kdb keystore is used; they are never trusted if a PKCS#12 keystore is used. All of these certificates are now expired.\n\n\nIn addition, the Control-M/Agent default kdb and PKCS#12 keystores contain trusted third-party certificates (external recognized CAs and default self-signed demo certificates) which are trusted for client authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T12:14:36.357Z",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000442099"
},
{
"tags": [
"mitigation"
],
"url": "https://bmcapps.my.site.com/casemgmt/sc_KnowledgeArticle?sfdcid=000441963"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BMC Control-M/Agent default SSL/TLS configuration authenticated bypass",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2025-55109",
"datePublished": "2025-09-16T12:14:36.357Z",
"dateReserved": "2025-08-07T07:23:59.125Z",
"dateUpdated": "2026-02-26T17:48:32.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54809 (GCVE-0-2025-54809)
Vulnerability from cvelistv5 – Published: 2025-08-13 14:46 – Updated: 2025-08-13 14:59- CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000152049 | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T14:59:34.216996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T14:59:48.855Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"F5 Access for Android"
],
"platforms": [
"Android"
],
"product": "F5 Access",
"vendor": "F5",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "3.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2025-08-13T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eF5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.\u003c/span\u003e\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T14:46:53.466Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000152049"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "F5 Access for Android vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2025-54809",
"datePublished": "2025-08-13T14:46:53.466Z",
"dateReserved": "2025-07-29T17:12:25.000Z",
"dateUpdated": "2025-08-13T14:59:48.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54607 (GCVE-0-2025-54607)
Vulnerability from cvelistv5 – Published: 2025-08-06 01:10 – Updated: 2025-08-06 15:41- CWE-295 - Improper Certificate Validation
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:04:16.546099Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:41:06.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authentication management vulnerability in the ArkWeb module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"value": "Authentication management vulnerability in the ArkWeb module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T01:10:31.063Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-54607",
"datePublished": "2025-08-06T01:10:31.063Z",
"dateReserved": "2025-07-28T03:55:34.526Z",
"dateUpdated": "2025-08-06T15:41:06.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54470 (GCVE-0-2025-54470)
Vulnerability from cvelistv5 – Published: 2025-10-30 09:38 – Updated: 2025-10-30 14:01- CWE-295 - Improper Certificate Validation
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T14:00:57.006132Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T14:01:08.513Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "https://github.com/neuvector/neuvector",
"product": "neuvector",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.3.5",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThan": "5.4.7",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThan": "0.0.0-20251020133207-084a437033b4",
"status": "affected",
"version": "0.0.0-20230727023453-1c4957d53911",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-10-21T18:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability affects NeuVector deployments only when the \u003ccode\u003eReport anonymous cluster data option\u003c/code\u003e is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server.\u003c/p\u003e\n\u003cp\u003eIn affected versions, NeuVector does not enforce TLS \ncertificate verification when transmitting anonymous cluster data to the\n telemetry server. As a result, the communication channel is susceptible\n to man-in-the-middle (MITM) attacks, where an attacker could intercept \nor modify the transmitted data. Additionally, NeuVector loads the \nresponse of the telemetry server is loaded into memory without size \nlimitation, which makes it vulnerable to a Denial of Service(DoS) \nattack\u003c/p\u003e"
}
],
"value": "This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server.\n\n\nIn affected versions, NeuVector does not enforce TLS \ncertificate verification when transmitting anonymous cluster data to the\n telemetry server. As a result, the communication channel is susceptible\n to man-in-the-middle (MITM) attacks, where an attacker could intercept \nor modify the transmitted data. Additionally, NeuVector loads the \nresponse of the telemetry server is loaded into memory without size \nlimitation, which makes it vulnerable to a Denial of Service(DoS) \nattack"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T09:38:58.261Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54470"
},
{
"url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-qqj3-g7mx-5p4w"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NeuVector telemetry sender is vulnerable to MITM and DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-54470",
"datePublished": "2025-10-30T09:38:58.261Z",
"dateReserved": "2025-07-23T08:11:16.425Z",
"dateUpdated": "2025-10-30T14:01:08.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.