CVE-2025-7390 | THREATINT

Description

A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.

PUBLISHED Reserved 2025-07-09 | Published 2025-08-21 | Updated 2025-08-21 | Assigner Softing

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status

unaffected

6.40

affected

Default status

affected

Any version

affected

Default status

affected

Any version

affected

References

industrial.softing.com/.../downloads/2025/CVE-2025-7390.html

industrial.softing.com/.../downloads/2025/CVE-2025-7390.json

cve.org (CVE-2025-7390)

nvd.nist.gov (CVE-2025-7390)

Download JSON

help @ threatint.eu