9.1
CVE-2025-7390
- EPSS 0.24%
- Veröffentlicht 21.08.2025 06:15:35
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 10de8ef9-5c89-4b17-8228-e97b74
- CVE-Watchlists
- Unerledigt
Bypass the client certificate trust check of an opc.https server while only secure communication is allowed
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSofting
≫
Produkt
OPC UA C++ SDK
Default Statusunaffected
Version <=
6.80
Version
6.40
Status
affected
Version
6.80.1
Status
unaffected
HerstellerSofting
≫
Produkt
edgeConnector
Default Statusaffected
Version <=
2025.03
Version
0
Status
affected
Version
SDEX Suite V1.0
Status
unaffected
HerstellerSofting
≫
Produkt
edgeAggregator
Default Statusaffected
Version <=
2025.03
Version
0
Status
affected
Version
SDEX Suite V1.0
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.149 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 10de8ef9-5c89-4b17-8228-e97b74acf4bd | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.html
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-7390.json