CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:nozominetworks:arc:*:*:*:*:*:*:*:*

History

17 Jun 2026, 09:22

Type Values Removed Values Added
Summary
  • (es) El certificado del servidor no se verificó cuando un agente Arc se conectó a un Guardian o CMC. Un actor malicioso podría realizar un ataque man-in-the-middle e interceptar la comunicación entre el agente Arc y el Guardian o CMC. Esto podría resultar en el robo del token del cliente e información sensible (como activos y alertas), la suplantación del servidor, o la inyección de datos falsificados (como información falsa de activos o vulnerabilidades) en el Guardian o CMC.

05 Mar 2026, 18:48

Type Values Removed Values Added
References () https://security.nozominetworks.com/NN-2025:18-01 - () https://security.nozominetworks.com/NN-2025:18-01 - Vendor Advisory
First Time Nozominetworks
Nozominetworks arc
CPE cpe:2.3:a:nozominetworks:arc:*:*:*:*:*:*:*:*

04 Mar 2026, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-04 14:16

Updated : 2026-06-17 09:22


NVD link : CVE-2025-40896

Mitre link : CVE-2025-40896

CVE.ORG link : CVE-2025-40896


JSON object : View

Products Affected

nozominetworks

  • arc
CWE
CWE-295

Improper Certificate Validation