
CWE-295 (Improper Certificate Validation) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (Improper Certificate Validation). AI Chinese analysis included.

CWE-295 is a cryptographic weakness in which software fails to properly validate digital certificates, undermining the authentication that secure channels depend on. The typical exploitation path is a man-in-the-middle attack: an adversary positioned between client and server presents a forged, self-signed, expired or otherwise invalid certificate, and because the client accepts it, the adversary can read the plaintext, inject content, or impersonate the legitimate service without detection. The weakness is especially serious in applications that rely on Transport Layer Security for confidentiality, since the encryption itself is sound but is negotiated with the wrong party. To prevent this, clients must check that the presented certificate chains to a trusted Certificate Authority, matches the expected hostname, and is neither expired nor revoked. Certificate pinning, applied on top of that validation rather than instead of it, further hardens the client against interception.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Scope: Integrity, Authentication. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Phase: Architecture and Design, Implementation. Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.

    X509 *cert;
    long foo = X509_V_ERR_UNSPECIFIED;   /* anything other than X509_V_OK */
    if ((cert = SSL_get_peer_certificate(ssl)) && host)
        foo = SSL_get_verify_result(ssl);
    /* Flaw: a self-signed certificate anywhere in the chain is treated as
       acceptable, so a certificate generated by anyone passes this check. */
    if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo))
        ;   /* certificate looks good, host can be trusted */

Bad · C

The following OpenSSL code obtains a certificate and verifies it.

    cert = SSL_get_peer_certificate(ssl);
    /* Flaw: the chain verifies against the trust store, but nothing checks
       that the certificate was issued for the host being connected to. */
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        /* do secret things */
    }

Bad · C
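The two C snippets above show chain checking without hostname matching and acceptance of a self-signed chain. The example below is added here and is not code from this page or from MITRE; it uses only Python's standard-library ssl module (which wraps the same OpenSSL verification) to put the weak client configuration beside the hardened one, audit a context for the CWE-295 settings, and apply a certificate pin only after full validation, as the mitigation above requires. The function names make_client_context, audit_context, pin_matches and connect_verified, and the SAMPLE_DER bytes, are constructed for this example.

```python
"""CWE-295 in a TLS client: weak versus hardened configuration, an audit
helper, and pinning applied after (not instead of) validation.
Added example; not code from the page or from MITRE."""
import hashlib
import hmac
import socket
import ssl
from typing import List, Optional

# Constructed placeholder standing in for a DER-encoded certificate; it is
# NOT a real certificate and is used only to exercise pin_matches().
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_DER_SHA256 = hashlib.sha256(SAMPLE_DER).hexdigest()


def make_client_context(verify: bool = True, check_hostname: bool = True) -> ssl.SSLContext:
    """Build a client-side SSLContext from two configuration flags.

    verify=False reproduces the CWE-295 pattern behind "trust all certificates"
    options: chain, signer, expiry and hostname are all ignored, which is
    exactly what a man-in-the-middle needs. check_hostname=False reproduces
    the page's second C example: the chain verifies, but a valid certificate
    for any other host is accepted.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify:
        # check_hostname must be cleared before verify_mode can drop to
        # CERT_NONE; the ssl module raises ValueError otherwise.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    elif not check_hostname:
        ctx.check_hostname = False
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return CWE-295-relevant findings for a context; an empty list is a pass."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: chain and signer are not checked")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate is not matched to the host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def pin_matches(der_cert: bytes, expected_sha256_hex: str) -> bool:
    """Compare the SHA-256 of a DER certificate against a pinned digest.

    Constant-time comparison; called only after normal validation passed.
    """
    digest = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(digest, expected_sha256_hex.lower())


def connect_verified(host: str, port: int = 443, pinned_sha256: Optional[str] = None) -> str:
    """Open a TLS connection with full validation and an optional pin check.

    Performs a network connection; not exercised by the offline demo below.
    Returns the negotiated protocol version.
    """
    ctx = make_client_context(verify=True, check_hostname=True)
    if audit_context(ctx):
        raise RuntimeError("refusing to connect with a weakened TLS context")
    with socket.create_connection((host, port)) as raw:
        # server_hostname drives both SNI and the hostname match.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if pinned_sha256 is not None:
                der = tls.getpeercert(binary_form=True)
                if not pin_matches(der, pinned_sha256):
                    raise ssl.SSLError("peer certificate does not match the pinned digest")
            return tls.version()


if __name__ == "__main__":
    for label, ctx in (("hardened", make_client_context()),
                       ("no hostname check", make_client_context(check_hostname=False)),
                       ("trust-all", make_client_context(verify=False))):
        print(label, "->", audit_context(ctx) or "OK")
```

Running the block prints one audit line per configuration; the hardened context reports no findings, the context without hostname matching reports one, and the trust-all context reports two. The audit logic is the same check a code reviewer applies to options such as insecure-skip-verify or verify=False in the products listed below.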
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-40801 | Siemens multiple products trust management vulnerability | COMOS V10.6 | 8.1 | High | 2025-12-09
CVE-2025-40800 | Siemens multiple products trust management vulnerability | COMOS V10.6 | 7.4 | High | 2025-12-09
CVE-2025-66491 | Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider | traefik | 5.9 | Medium | 2025-12-09
CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | MongoDB Server | 4.2 | Medium | 2025-11-25
CVE-2025-44018 | GL-Inet GL-AXT1800 security vulnerability | GL-AXT1800 | 8.3 | High | 2025-11-24
CVE-2025-60022 | KDDI デジラアプリ App for iOS trust management vulnerability | 'デジラアプリ' App for iOS | 7.4 (AI) | High (AI) | 2025-11-17
CVE-2025-65083 | GoSign Desktop trust management vulnerability | GoSign Desktop | 3.2 | Low | 2025-11-17
CVE-2025-30669 | Zoom Workplace Clients - Improper Certificate Validation | Zoom Workplace Clients | 4.8 | Medium | 2025-11-13
CVE-2025-12047 | Lenovo Scanner Pro security vulnerability | Scanner Pro | 5.3 | Medium | 2025-11-12
CVE-2025-10495 | Lenovo multiple products security vulnerability | App Store | 7.5 | High | 2025-11-12
CVE-2025-40744 | Siemens Solid Edge SE2025 trust management vulnerability | Solid Edge SE2025 | 7.5 | High | 2025-11-11
CVE-2025-12943 | Improper certificate validation in firmware update logic in NETGEAR RAX30 and RAXE300 | RAX30 | 9.8 | - | 2025-11-11
CVE-2025-64685 | JetBrains YouTrack trust management vulnerability | YouTrack | 8.1 | High | 2025-11-10
CVE-2025-54470 | NeuVector telemetry sender is vulnerable to MITM and DoS | neuvector | 8.6 | High | 2025-10-30
CVE-2025-11619 | Devolutions Server security vulnerability | Devolutions Server | 5.9 (AI) | Medium (AI) | 2025-10-15
CVE-2025-62375 | go-witness Improper Verification of AWS EC2 Identity Documents | go-witness | 9.1 | - | 2025-10-15
CVE-2025-62371 | OpenSearch Data Prepper plugins trusts all SSL certificates by default | data-prepper | 7.4 | High | 2025-10-15
CVE-2025-10699 | Lenovo LeCloud security vulnerability | LeCloud Client | 5.3 | Medium | 2025-10-15
CVE-2025-6026 | Lenovo Universal Device Client security vulnerability | Universal Device Client | 3.1 | Low | 2025-10-15
CVE-2025-11695 | Configuration may unexpectedly disable certificate validation | Rust Driver | 8.0 | High | 2025-10-13
CVE-2025-11633 | Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation | Furbo 360 | 3.7 | Low | 2025-10-12
CVE-2025-34235 | Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE | Print Virtual Appliance Host | 9.8 (AI) | Critical (AI) | 2025-09-29
CVE-2025-10548 | Missing Certificate Validation in CleverControl Installer Allows Remote Code Execution | CleverControl employee monitoring software | 8.1 (AI) | High (AI) | 2025-09-23
CVE-2024-13990 | MicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of Updates | eScan AV | 8.1 | - | 2025-09-19
CVE-2025-34199 | Vasion Print (formerly PrinterLogic) Insecure SSL Verification Allows Man-in-the-Middle Attacks | Print Virtual Appliance Host | 9.8 | - | 2025-09-19
CVE-2025-59353 | Manager generates mTLS certificates for arbitrary IP addresses | dragonfly | 6.5 (AI) | Medium (AI) | 2025-09-17
CVE-2025-59347 | Dragonfly Manager makes requests to external endpoints with disabled TLS authentication | dragonfly | 7.4 (AI) | High (AI) | 2025-09-17
CVE-2025-35434 | CISA Thorium does not validate TLS connections to Elasticsearch | Thorium | 4.2 | Medium | 2025-09-17
CVE-2025-9708 | Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks | Kubernetes CSharp Client | 6.8 | Medium | 2025-09-16
CVE-2025-55109 | BMC Control-M/Agent default SSL/TLS configuration authenticated bypass | Control-M/Agent | 9.0 | Critical | 2025-09-16

"(AI)" marks CVSS and severity values the page tags as AI-generated; "-" means no severity was given.

Vulnerabilities classified as CWE-295 (Improper Certificate Validation) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.