Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-44018

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-24 Nov, 2025 | 15:11
Updated At-24 Nov, 2025 | 17:03
Rejected At-
Credits

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:24 Nov, 2025 | 15:11
Updated At:24 Nov, 2025 | 17:03
Rejected At:
â–¼CVE Numbering Authority (CNA)

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Affected Products
Vendor
GL-Inet
Product
GL-AXT1800
Versions
Affected
  • 4.7.0
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295: Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295: Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.18.3HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Discovered by Lilith >_> of Cisco Talos.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230
N/A
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:24 Nov, 2025 | 16:15
Updated At:25 Nov, 2025 | 22:16

A firmware downgrade vulnerability exists in the OTA Update functionality of GL-Inet GL-AXT1800 4.7.0. A specially crafted .tar file can lead to a firmware downgrade. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.3HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-295Secondarytalos-cna@cisco.com
CWE ID: CWE-295
Type: Secondary
Source: talos-cna@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230talos-cna@cisco.com
N/A
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2230
Source: talos-cna@cisco.com
Resource: N/A
Hyperlink: https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2230
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2024-7570
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-8.3||HIGH
EPSS-1.83% / 82.56%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 18:12
Updated-06 Sep, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user.

Action-Not Available
Vendor-Ivanti Software
Product-neurons_for_itsmITSMneurons_for_itsm
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-6032
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.3||HIGH
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 13:50
Updated-29 Nov, 2025 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Podman: podman missing tls verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.17Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.20Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat OpenShift Container Platform 4Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 10
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-40714
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.3||HIGH
EPSS-0.46% / 63.69%
||
7 Day CHG~0.00%
Published-07 Sep, 2024 | 16:11
Updated-01 May, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.

Action-Not Available
Vendor-Veeam Software Group GmbH
Product-veeam_backup_\&_replicationBackup and Recoverybackup_\&_replication
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-27649
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-8.3||HIGH
EPSS-0.18% / 39.14%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 08:55
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-Synology, Inc.
Product-router_managerSynology Router Manager (SRM)
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-27648
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-8.3||HIGH
EPSS-0.19% / 41.01%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 09:00
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerskynasskynas_firmwareDiskStation Manager (DSM)
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-31105
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.3||HIGH
EPSS-0.25% / 48.30%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:05
Updated-23 Apr, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo CD's certificate verification is skipped for connections to OIDC providers

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC provider (not the bundled Dex instance), can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. This mitigation only forces certificate validation when the API server handles login flows. It does not force certificate verification when verifying tokens on API calls.

Action-Not Available
Vendor-argoprojargoprojThe Linux Foundation
Product-argo-cdargo_cdargo-cd
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-599
Missing Validation of OpenSSL Certificate
Details not found