CVE-2025-42611

EPSS 0.19%
Veröffentlicht 05.05.2026 11:16:31
Zuletzt bearbeitet 07.05.2026 14:51:53
Quelle a6d3dc9e-0591-4a13-bce7-0f5b31
CVE-Watchlists
Login
Unerledigt
Login

Improper certificate validation in multiple RouterOS services

RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),
among others.



The vulnerability lies in shared certificate validation
logic which uses the system certificate store that is shared and equally
trusted by all system services. This causes confusion of scope, allowing any
certificate authority present in the system-wide trust store to be trusted in
any context (with some exceptions), allowing partial or full authentication
bypass in CAPsMAN, OpenVPN, Dot1X and potentially others.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMikrotik

≫

Produkt RouterOS

Default Statusunaffected

Version <= 7.20.x

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.083

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.cert.si/en/cve-2025-42611/

https://nvd.nist.gov/vuln/detail/CVE-2025-42611

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42611

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42611

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-42611