Home

Description

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options

PUBLISHED Reserved 2026-01-09 | Published 2026-02-23 | Updated 2026-02-23 | Assigner mitre

References

github.com/Ayms

github.com/Ayms/node-To

gist.github.com/...ghthouse/33cc4342dfe650664548b4531d16b655

cve.org (CVE-2025-70043)

nvd.nist.gov (CVE-2025-70043)

Download JSON