Key Information Vulnerability Overview CVE ID: CVE-2025-7390 Title: Bypass the client certificate trust check of an opc.https server while only secure communication is allowed Release Date: 2025-08-14 CVSS Score: CRITICAL - 9.1/10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) Issue Description CWE ID: CWE-295 Improper Certificate Validation Description: A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication. Impact CAPEC ID: CAPEC-115 Authentication Bypass Description: Authentication bypass Affected Products Solution Patch: OPC UA C++ SDK V6.80.1 Service-Patch References industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json