CVE Vulnerabilities

CVE-2025-8393

Improper Certificate Validation

Published: Aug 08, 2025 | Modified: Aug 08, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Potential Mitigations

References