CVE-2025-42611

{"id": "CVE-2025-42611", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-42611", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-05T12:38:09.152163Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "affected": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "affectedData": [{"vendor": "Mikrotik", "product": "RouterOS", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "7.20.x"}], "defaultStatus": "unaffected"}]}], "published": "2026-05-05T11:16:31.827", "references": [{"url": "https://www.cert.si/en/cve-2025-42611/", "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others."}], "lastModified": "2026-06-17T09:23:09.440", "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}