CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
CVE-2025-34235 (GCVE-0-2025-34235)
Vulnerability from cvelistv5 – Published: 2025-09-29 20:44 – Updated: 2026-05-15 11:15 – CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://pierrekim.github.io/blog/2025-04-08-vasio… | technical-description |
| https://help.printerlogic.com/va/Print/Security/S… | vendor-advisory, patch |
| https://help.printerlogic.com/saas/Print/Security… | vendor-advisory, patch |
| https://www.vulncheck.com/advisories/vasion-print… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Vasion | Print Virtual Appliance Host | Affected: 0, < 25.1.102 (semver) | |
| Vasion | Print Application | Affected: 0, < 25.1.1413 (semver) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T15:04:44.186500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T15:04:58.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"HKLM\\SOFTWARE\\PrinterLogic\\PrinterInstaller\\Overrides\\IgnoreCertificateFailures"
],
"product": "Print Virtual Appliance Host",
"vendor": "Vasion",
"versions": [
{
"lessThan": "25.1.102",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"HKLM\\SOFTWARE\\PrinterLogic\\PrinterInstaller\\Overrides\\IgnoreCertificateFailures"
],
"product": "Print Application",
"vendor": "Vasion",
"versions": [
{
"lessThan": "25.1.1413",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.1.1413",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Barre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction\u2011point DLL injection.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003eThis vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.\u003cbr\u003e"
}
],
"value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction\u2011point DLL injection.\u00a0This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced."
}
],
"impacts": [
{
"capecId": "CAPEC-217",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-217 Exploiting Incorrectly Configured SSL/TLS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T11:15:38.083Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-weak-ssl-tls-certificate-validation-rce"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34235",
"datePublished": "2025-09-29T20:44:01.002Z",
"dateReserved": "2025-04-15T19:15:22.575Z",
"dateUpdated": "2026-05-15T11:15:38.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3463 (GCVE-0-2025-3463)
Vulnerability from cvelistv5 – Published: 2025-05-09 05:37 – Updated: 2025-05-19 02:35 – CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.asus.com/content/asus-product-securit… | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T13:18:05.295904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T13:18:13.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-11T19:41:48.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://mrbruh.com/asusdriverhub/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DriverHub",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "before 1.0.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "@leonjza"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\"\u0026nbsp;An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.\u003cbr\u003eRefer to the \u0027Security Update for ASUS DriverHub\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\"\u00a0An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.\nRefer to the \u0027Security Update for ASUS DriverHub\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T02:35:40.756Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/content/asus-product-security-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-3463",
"datePublished": "2025-05-09T05:37:06.125Z",
"dateReserved": "2025-04-09T03:38:15.673Z",
"dateUpdated": "2025-05-19T02:35:40.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-35434 (GCVE-0-2025-35434)
Vulnerability from cvelistv5 – Published: 2025-09-17 16:53 – Updated: 2025-09-30 16:32 – CWE-295 - Improper Certificate Validation
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T16:31:55.162232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T16:32:05.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Thorium",
"vendor": "CISA",
"versions": [
{
"lessThan": "1.1.2",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": ", OpenAI Security Research"
}
],
"datePublic": "2025-08-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
},
{
"other": {
"content": {
"id": "CVE-2025-35434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T14:36:27.738818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T16:53:08.899Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"name": "url",
"url": "https://github.com/cisagov/thorium/releases/tag/1.1.2"
},
{
"name": "url",
"url": "https://github.com/cisagov/thorium/blob/main/api/src/models/backends/setup/elastic_setup.rs#L36-L43"
},
{
"name": "url",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35434"
},
{
"name": "url",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json"
}
],
"title": "CISA Thorium does not validate TLS connections to Elasticsearch"
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2025-35434",
"datePublished": "2025-09-17T16:53:08.899Z",
"dateReserved": "2025-04-15T20:57:14.280Z",
"dateUpdated": "2025-09-30T16:32:05.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-35983 (GCVE-0-2025-35983)
Vulnerability from cvelistv5 – Published: 2025-07-10 03:09 – Updated: 2025-07-10 13:11 – CWE-295 - Improper Certificate Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Gallagher | Controller 7000 | Affected: 9.30, < vCR9.30.250624a (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-35983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T13:11:33.717912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T13:11:39.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Controller 7000",
"vendor": "Gallagher",
"versions": [
{
"lessThan": "vCR9.30.250624a",
"status": "affected",
"version": "9.30",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Controller 7000: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1)).\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. \n\nThis issue affects Controller 7000: \n\n9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1))."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:09:11.847Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-35983"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2025-35983",
"datePublished": "2025-07-10T03:09:11.847Z",
"dateReserved": "2025-06-17T02:18:59.220Z",
"dateUpdated": "2025-07-10T13:11:39.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36005 (GCVE-0-2025-36005)
Vulnerability from cvelistv5 – Published: 2025-07-24 14:52 – Updated: 2025-08-17 01:24 – CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7240431 | vendor-advisory, patch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ Operator | Affected: 2.0.0 LTS, ≤ 2.0.29 LTS (semver) | cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* |
| IBM | MQ Operator | Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD | cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:* |
| IBM | MQ Operator | Affected: 3.2.0 SC2, ≤ 3.2.13 SC2 (semver) | cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T15:03:30.894944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T15:04:05.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.6.0:*:*:*:continuous_delivery:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.6.0 CD"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.13:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "3.2.13 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-17T01:24:38.369Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7240431"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release.\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.1 CD release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.6.1 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u0026nbsp;cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2\u0026nbsp;icr.io\u0026nbsp;icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.2.14 SC2 release details:\u003cbr\u003eibm-mq-operator\u0026nbsp;v3.2.14 icr.io\u0026nbsp;icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\u003cbr\u003eibm-mqadvanced-server\u0026nbsp;9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\u003cbr\u003eibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.0.12-r1 icr.io 
icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\u003cbr\u003e\u003cbr\u003eIBM MQ Container 9.4.3.0-r2 release details:\u003cbr\u003eibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\u003cbr\u003eibm-mqadvanced-server-dev\u0026nbsp;9.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.1 CD release that included IBM supplied MQ Advanced 9.4.3.0-r2 container image. \nIBM MQ Operator v3.2.14 SC2 release that included IBM supplied MQ Advanced 9.4.0.12-r1 container image.\nIBM MQ Container 9.4.3.0-r2 release.\nIBM strongly recommends applying the latest container images. \n\nIBM MQ Operator v3.6.1 CD release details:\nibm-mq-operator\u00a0v3.6.1 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:b1bbebeb361e9e59311684da233c7d5978ffe17a78feb03eeb2411df9a0f5d03\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-integration 9.4.3.0-r2 cp.icr.io\u00a0cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:534c801a22338398bfb61ae443eeb6ba84152f0fad5538e212eefab1498336ed\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2\u00a0icr.io\u00a0icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5\n\nIBM MQ Operator v3.2.14 SC2 release details:\nibm-mq-operator\u00a0v3.2.14 icr.io\u00a0icr.io/cpopen/ibm-mq-operator@sha256:3979ba0bc28b6302f453633d3d238323c52679550760803d503ca51073c98cbf\nibm-mqadvanced-server\u00a09.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server@sha256:222c1500565d08d6ab4dff9c7d550ce9e12909735e699882b79632ebe00dd61d\nibm-mqadvanced-server-integration 9.4.0.12-r1 cp.icr.io cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:762f4f5e04c682f9ce39d6e189999fb505e373a60791f5a91fc413e4a72be014\nibm-mqadvanced-server-dev\u00a09.4.0.12-r1 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:2d5fa97b1e7f4d3d27c9afa963876172dc634ac861e3a5c5cb1cbf1e81252e15\n\nIBM MQ Container 9.4.3.0-r2 release details:\nibm-mqadvanced-server 9.4.3.0-r2 cp.icr.io 
cp.icr.io/cp/ibm-mqadvanced-server@sha256:5bd01da84348f4ffb8b96427b6b8a4c471e63153f13e912315c3e7c9b3fffa8d\nibm-mqadvanced-server-dev\u00a09.4.3.0-r2 icr.io icr.io/ibm-messaging/ibm-mqadvanced-server-dev@sha256:c2166a034f620d7479741342255968fe4076e8ce0bf45f1d67705ff1635146d5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ Operator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36005",
"datePublished": "2025-07-24T14:52:53.238Z",
"dateReserved": "2025-04-15T21:16:05.532Z",
"dateUpdated": "2025-08-17T01:24:38.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36041 (GCVE-0-2025-36041)
Vulnerability from cvelistv5 – Published: 2025-06-15 12:51 – Updated: 2025-08-24 11:52 – CWE-295 - Improper Certificate Validation
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7236608 | vendor-advisory, patch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | MQ Operator | Affected: 2.0.0 LTS, ≤ 2.0.29 LTS (semver); Affected: 3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD; Affected: 3.2.0 SC2, ≤ 3.2.10 SC2 (semver) | cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:* cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T13:38:47.283894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T13:39:03.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:mq_operator:3.0.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.0.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.1.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.3.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.4.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.0:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.1:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.5.3:*:*:*:continuous_delivery:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.0:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:2.0.29:*:*:*:lts:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.0:*:*:*:support_cycle_2:*:*:*",
"cpe:2.3:a:ibm:mq_operator:3.2.12:*:*:*:support_cycle_2:*:*:*"
],
"defaultStatus": "unaffected",
"product": "MQ Operator",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "2.0.29 LTS",
"status": "affected",
"version": "2.0.0 LTS",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0, 3.0.1, 3.1.0, 3.1.3, 3.4.0, 3.5.0, 3.5.1, 3.5.3 CD"
},
{
"lessThanOrEqual": "3.2.10 SC2",
"status": "affected",
"version": "3.2.0 SC2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:52:26.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7236608"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issues mentioned by this security bulletin are addressed in -\u003cbr\u003e\u003cbr\u003eIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \u003cbr\u003eIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\u003cbr\u003eIBM MQ Container 9.4.3.0-r1 release.\u003cbr\u003eNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\u003cbr\u003e\u003cbr\u003eIBM strongly recommends applying the latest container images. \u003cbr\u003e"
}
],
"value": "Issues mentioned by this security bulletin are addressed in -\n\nIBM MQ Operator v3.6.0 CD release that included IBM supplied MQ Advanced 9.4.3.0-r1 container image. \nIBM MQ Operator v3.2.13 SC2 release that included IBM supplied MQ Advanced 9.4.0.11-r3 container image.\nIBM MQ Container 9.4.3.0-r1 release.\nNote: \n\nCVE-2025-36041\n\n is applicable only for IBM MQ Operator v3.6.0 CD and IBM supplied MQ Advanced 9.4.3.0-r1 container image.\n\nIBM strongly recommends applying the latest container images."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM MQ improper certificate validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36041",
"datePublished": "2025-06-15T12:51:06.394Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-24T11:52:26.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-37730 (GCVE-0-2025-37730)
Vulnerability from cvelistv5 – Published: 2025-05-06 17:29 – Updated: 2025-05-06 17:51
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37730",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T17:51:38.262496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:51:59.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Logstash",
"repo": "https://github.com/elastic/logstash",
"vendor": "Elastic",
"versions": [
{
"lessThan": "8.17.6",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThan": "8.18.1",
"status": "affected",
"version": "8.18.0",
"versionType": "semver"
},
{
"lessThan": "9.0.1",
"status": "affected",
"version": "9.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eImproper certificate validation in Logstash\u0027s TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003essl_verification_mode =\u0026gt; full\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e was set.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Improper certificate validation in Logstash\u0027s TCP output could lead to a man-in-the-middle (MitM) attack in \u201cclient\u201d mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode =\u003e full was set."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T17:29:07.189Z",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"url": "https://discuss.elastic.co/t/logstash-8-17-6-8-18-1-and-9-0-1-security-update-esa-2025-08/377869"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Logstash Improper Certificate Validation in TCP output",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2025-37730",
"datePublished": "2025-05-06T17:29:07.189Z",
"dateReserved": "2025-04-16T03:24:04.510Z",
"dateUpdated": "2025-05-06T17:51:59.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39205 (GCVE-0-2025-39205)
Vulnerability from cvelistv5 – Published: 2025-06-24 12:13 – Updated: 2025-10-01 14:58
- CWE-295 - Improper Certificate Validation

| Vendor | Product | Version |
|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | Affected: 10.3, ≤ 10.6 (custom) |

{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:22:05.197451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:42:09.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.6",
"status": "affected",
"version": "10.3",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
}
],
"impacts": [
{
"capecId": "CAPEC-475",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-475 Signature Spoofing by Improper Validation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T14:58:20.730Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2025-39205",
"datePublished": "2025-06-24T12:13:20.791Z",
"dateReserved": "2025-04-16T05:26:03.424Z",
"dateUpdated": "2025-10-01T14:58:20.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40744 (GCVE-0-2025-40744)
Vulnerability from cvelistv5 – Published: 2025-11-11 20:20 – Updated: 2025-11-12 20:12
- CWE-295 - Improper Certificate Validation

| Vendor | Product | Version |
|---|---|---|
| Siemens | Solid Edge SE2025 | Affected: 0, < V225.0 Update 11 (custom) |

{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T20:01:34.466898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:12:57.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2025",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V225.0 Update 11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2025 (All versions \u003c V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T20:20:34.419Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-522291.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40744",
"datePublished": "2025-11-11T20:20:34.419Z",
"dateReserved": "2025-04-16T08:39:30.030Z",
"dateUpdated": "2025-11-12T20:12:57.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40745 (GCVE-0-2025-40745)
Vulnerability from cvelistv5 – Published: 2026-04-14 08:40 – Updated: 2026-04-14 13:38
- CWE-295 - Improper Certificate Validation

| Vendor | Product | Version |
|---|---|---|
| Siemens | Siemens Software Center | Affected: 0, < V3.5.8.2 (custom) |
| Siemens | Simcenter 3D | Affected: 0, < V2506.6000 (custom) |
| Siemens | Simcenter Femap | Affected: 0, < V2506.0002 (custom) |
| Siemens | Simcenter STAR-CCM+ | Affected: 0, < V2602 (custom) |
| Siemens | Solid Edge SE2025 | Affected: 0, < V225.0 Update 13 (custom) |
| Siemens | Solid Edge SE2026 | Affected: 0, < V226.0 Update 04 (custom) |
| Siemens | Tecnomatix Plant Simulation | Affected: 0, < V2504.0008 (custom) |

{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T13:37:06.968025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:38:29.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Siemens Software Center",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.5.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter 3D",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506.6000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter Femap",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2506.0002",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Simcenter STAR-CCM+",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2602",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2025",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V225.0 Update 13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Solid Edge SE2026",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V226.0 Update 04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Tecnomatix Plant Simulation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2504.0008",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Siemens Software Center (All versions \u003c V3.5.8.2), Simcenter 3D (All versions \u003c V2506.6000), Simcenter Femap (All versions \u003c V2506.0002), Simcenter STAR-CCM+ (All versions \u003c V2602), Solid Edge SE2025 (All versions \u003c V225.0 Update 13), Solid Edge SE2026 (All versions \u003c V226.0 Update 04), Tecnomatix Plant Simulation (All versions \u003c V2504.0008). Affected applications do not properly validate client certificates to connect to Analytics Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T08:40:38.637Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-981622.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2025-40745",
"datePublished": "2026-04-14T08:40:38.637Z",
"dateReserved": "2025-04-16T08:39:30.030Z",
"dateUpdated": "2026-04-14T13:38:29.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
Phase: Implementation
Description:
- If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.