CVE-2025-70043CRITICAL 9.1EPSS p8.0%

CVE-2025-70043CVE-2025-70043

Description

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.18% probability of exploitation · percentile 8.0% · 2026-06-18T12:00:27Z
Published2026-02-23
Last modified2026-04-15

Underlying weaknesses· 1

CWE-295

References

  1. https://gist.github.com/zcxlighthouse/33cc4342dfe650664548b4531d16b655
  2. https://github.com/Ayms
  3. https://github.com/Ayms/node-To

1

TypeTargetConfidenceTier
WeaknessImproper Certificate Validationcwe-2950%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-9293
CVE
CVE-2026-9758
CVE
CVE-2025-7390
CVE
CVE-2025-3200
CVE
CVE-2026-4434
CVE
CVE-2025-44005
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.