CVE-2025-27377— Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-27377
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Validation of Self-Signed Certificates in Altium Designer Allows Man-in-the-Middle Attacks
Source: NVD (National Vulnerability Database)
Vulnerability Description
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Altium Designer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Altium Designer是美国Altium公司的一个电子设计自动化软件。 Altium Designer 24.9.0版本存在安全漏洞,该漏洞源于未验证云连接的自签名服务器证书,可能导致中间人攻击拦截或操纵网络流量。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Altium | Altium Designer | 24.9 ~ 25.1 | - |
II. Public POCs for CVE-2025-27377
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-27377
请登录查看更多情报信息。
Same Patch Batch · Altium · 2026-01-22 · 4 CVEs total
| CVE-2025-27378 | 8.6 HIGH | SQL Injection in AES Due to Inactive SQL Parsing Configuration |
| CVE-2025-27380 | 7.6 HIGH | HTML Injection Leading to Script Execution in Altium Enterprise Server |
| CVE-2025-27379 | 6.8 MEDIUM | Stored Cross-Site Scripting in AES BOM Viewer |
IV. Related Vulnerabilities
Same vendor: Altium
- CVE-2025-27380
HTML Injection Leading to Script Execution in Altium Enterpr - CVE-2025-27379
Stored Cross-Site Scripting in AES BOM Viewer - CVE-2025-27378
SQL Injection in AES Due to Inactive SQL Parsing Configurati - CVE-2026-1181
Altium 365 Over-Permissive CORS Configuration Allows Credent - CVE-2026-1011
Stored Cross-Site Scripting in Altium Live Support Center Co
Same weakness: CWE-295
V. Comments for CVE-2025-27377
No comments yet