Base · Draft
CWE-295: Improper Certificate Validation
Category: other
Description
The product does not validate, or incorrectly validates, a certificate.
Common consequences (1)
- Integrity / Authentication: Bypass Protection Mechanism, Gain Privileges or Assume Identity. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.
Potential mitigations (2)
- [Architecture and Design, Implementation] Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
- [Implementation] If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Related CAPEC attack patterns (2)
References
Exploits (incoming, 2)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Creating a Rogue Certification Authority Certificate (capec-459) | 100% | live |
| AttackPattern | Signature Spoofing by Improper Validation (capec-475) | 100% | live |
Compliance frameworks addressing this (incoming, 2)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | pci_dss_v4-r4 | 100% | live |
| ComplianceControl | iso27001-a.8.23 | 100% | live |
Vulnerabilities (incoming, 73)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-1014 | 0% | live |
| Vulnerability | CVE-2025-11619 | 0% | live |
| Vulnerability | CVE-2025-1193 | 0% | live |
| Vulnerability | CVE-2025-15557 | 0% | live |
| Vulnerability | CVE-2025-15573 | 0% | live |
| Vulnerability | CVE-2025-15612 | 0% | live |
| Vulnerability | CVE-2025-22486 | 0% | live |
| Vulnerability | CVE-2025-23114 | 0% | live |
| Vulnerability | CVE-2025-28169 | 0% | live |
| Vulnerability | CVE-2025-29331 | 0% | live |
| Vulnerability | CVE-2025-29883 | 0% | live |
| Vulnerability | CVE-2025-29884 | 0% | live |
| Vulnerability | CVE-2025-29885 | 0% | live |
| Vulnerability | CVE-2025-30277 | 0% | live |
| Vulnerability | CVE-2025-30278 | 0% | live |
| Vulnerability | CVE-2025-30279 | 0% | live |
| Vulnerability | CVE-2025-32878 | 0% | live |
| Vulnerability | CVE-2025-33031 | 0% | live |
| Vulnerability | CVE-2025-34199 | 0% | live |
| Vulnerability | CVE-2025-35434 | 0% | live |
| Vulnerability | CVE-2025-36041 | 0% | live |
| Vulnerability | CVE-2025-40801 | 0% | live |
| Vulnerability | CVE-2025-44018 | 0% | live |
| Vulnerability | CVE-2025-46070 | 0% | live |
| Vulnerability | CVE-2025-46788 | 0% | live |
| Vulnerability | CVE-2025-50944 | 0% | live |
| Vulnerability | CVE-2025-54470 | 0% | live |
| Vulnerability | CVE-2025-55109 | 0% | live |
| Vulnerability | CVE-2025-56231 | 0% | live |
| Vulnerability | CVE-2025-6032 | 0% | live |
Showing top 30 of 73 by confidence.
Related by meaning (6)
Nearest entities by semantic similarity across the cs-graph corpus.