CVE-2025-42611

Published: Mag 05, 2026 Last Modified: Mag 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

RouterOS provides various services that rely on correct
verification of client and server certificates to secure confidentiality and
integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),
among others.

The vulnerability lies in shared certificate validation
logic which uses the system certificate store that is shared and equally
trusted by all system services. This causes confusion of scope, allowing any
certificate authority present in the system-wide trust store to be trusted in
any context (with some exceptions), allowing partial or full authentication
bypass in CAPsMAN, OpenVPN, Dot1X and potentially others.

295

Improper Certificate Validation

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Authentication

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: Mobile, Not Technology-Specific, Web Based

View CWE Details

https://www.cert.si/en/cve-2025-42611/

CVE-2025-42611

Description

Improper Certificate Validation

Common Consequences

Applicable Platforms

Iscriviti alla newsletter