Home

Description

GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept update requests and replace installer or update packages with malicious files.

PUBLISHED Reserved 2025-08-16 | Published 2025-11-05 | Updated 2025-11-06 | Assigner mitre

References

youtu.be/WchHCmqGaFQ

www.notion.so/...2025-56232-2a04e9f2a40d80dab203e39b5c9462f6

cve.org (CVE-2025-56232)

nvd.nist.gov (CVE-2025-56232)

Download JSON