
CWE-295 Improper Certificate Validation: vulnerabilities in this weakness class (502)

A summary of the 502 CVEs associated with the CWE-295 Improper Certificate Validation weakness class, with AI-generated Chinese analysis.

CWE-295 covers improper certificate validation: the software does not correctly verify that a digital certificate is valid and intact. Attackers most often exploit this for man-in-the-middle attacks, presenting a forged or unrelated certificate to intercept and tamper with traffic, steal sensitive data, or inject malicious content. Developers should strictly validate the certificate chain up to a trusted root, the match between the certificate's names and the intended host, and the validity period; disable weak algorithms; and, where appropriate, add certificate pinning on top of (never instead of) those checks, so that the transport layer resists impersonation and data leakage.

MITRE CWE official description
CWE: CWE-295 Improper Certificate Validation. Description: The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Scope: Integrity, Authentication. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Potential Mitigations (2)
Phases: Architecture and Design, Implementation. Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Code Examples (2)
This code checks the certificate of a connected peer. Besides X509_V_OK it also accepts X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, so a chain ending in any self-signed certificate, including one an attacker generated on the spot, passes the check:

    if ((cert = SSL_get_peer_certificate(ssl)) && host) {
        foo = SSL_get_verify_result(ssl);
        if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo)) {
            /* certificate looks good, host can be trusted */
            /* BAD: a self-signed certificate in the chain is treated like a verified one */
        }
    }

Bad · C
The following OpenSSL code obtains a certificate and verifies it, but never compares the names in the certificate with the host it meant to reach, so any certificate that chains to a trusted CA is accepted no matter whom it was issued to:

    cert = SSL_get_peer_certificate(ssl);
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        /* do secret things */
        /* BAD: chain verified, hostname never checked */
    }

Bad · C
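The following is an added example, not code from this page, from MITRE, or from any project in the CVE list below. It shows in one runnable program what the two mitigations and the two bad OpenSSL snippets above leave out: a chain check that rejects a self-signed peer, a hostname match, an expiry check, and pinning applied only after those checks pass. Go's standard crypto/x509 is used instead of OpenSSL so that it runs offline and needs no network or system trust store; the root CA, the hostnames api.example.test and attacker.test, and every certificate are constructed inside the program and are assumptions of the example, not real infrastructure. It goes a little beyond the page's two cases by also classifying expiry and pin-mismatch failures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// makeCert issues a constructed test certificate, self-signed when parent is nil (demo PKI only).
func makeCert(cn string, dns []string, notAfter time.Time, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	serial := new(big.Int).SetInt64(time.Now().UnixNano()) // demo serial; a real CA uses random ones
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, // demo: one usage set for CA and leaf
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// VerifyPeer does what both MITRE examples skip: chain to a root in roots (so a self-signed peer is
// rejected), hostname match against the SAN list, and validity period checked against now.
func VerifyPeer(leaf *x509.Certificate, roots *x509.CertPool, hostname string, now time.Time) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: hostname, CurrentTime: now})
	return err
}

var ErrPinMismatch = errors.New("peer public key does not match the pinned SPKI hash")
// VerifyPinned applies the MITRE pinning note: full validation (hostname included) first, pin second.
func VerifyPinned(leaf *x509.Certificate, roots *x509.CertPool, hostname string, now time.Time, pin [32]byte) error {
	if err := VerifyPeer(leaf, roots, hostname, now); err != nil {
		return err
	}
	if sha256.Sum256(leaf.RawSubjectPublicKeyInfo) != pin {
		return ErrPinMismatch
	}
	return nil
}

// Classify names the rejection reason so callers log why, not only that, a peer was refused.
func Classify(err error) string {
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, ErrPinMismatch):
		return "pin-mismatch"
	case errors.As(err, &x509.UnknownAuthorityError{}):
		return "unknown-authority"
	case errors.As(err, &x509.HostnameError{}):
		return "hostname-mismatch"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired"
	}
	return "other"
}

// RunScenarios builds a constructed root CA and one leaf per failure mode named in the text.
func RunScenarios() map[string]string {
	now, host := time.Now(), "api.example.test"
	ca, caKey := makeCert("Example Root CA", nil, now.Add(24*time.Hour), true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	good, _ := makeCert(host, []string{host}, now.Add(time.Hour), false, ca, caKey)
	selfSigned, _ := makeCert(host, []string{host}, now.Add(time.Hour), false, nil, nil)
	wrongHost, _ := makeCert("attacker.test", []string{"attacker.test"}, now.Add(time.Hour), false, ca, caKey)
	expired, _ := makeCert(host, []string{host}, now.Add(-time.Minute), false, ca, caKey)
	rekeyed, _ := makeCert(host, []string{host}, now.Add(time.Hour), false, ca, caKey) // valid, other key
	pin := sha256.Sum256(good.RawSubjectPublicKeyInfo) // the value an app would ship as its pin
	return map[string]string{
		"valid":        Classify(VerifyPinned(good, roots, host, now, pin)),
		"self-signed":  Classify(VerifyPeer(selfSigned, roots, host, now)),
		"wrong-host":   Classify(VerifyPeer(wrongHost, roots, host, now)),
		"expired":      Classify(VerifyPeer(expired, roots, host, now)),
		"pin-mismatch": Classify(VerifyPinned(rekeyed, roots, host, now, pin)),
	}
}
```

RunScenarios returns "ok" only for the correctly issued certificate whose key matches the pin; the self-signed peer (the first bad example) comes back "unknown-authority" and the certificate issued to attacker.test (the second bad example) comes back "hostname-mismatch", because Verify walks the chain first and compares DNSName only afterwards. Call RunScenarios from a test or a small main. The OpenSSL equivalent of VerifyPeer is SSL_CTX_set_verify with SSL_VERIFY_PEER plus SSL_set1_host (or X509_VERIFY_PARAM_set1_host) before the handshake, with every SSL_get_verify_result value other than X509_V_OK treated as failure.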
CVE ID | Title (affected product) | CVSS | Risk level | Published
CVE-2025-66491 | Traefik security vulnerability (traefik) | 5.9 | Medium | 2025-12-09
CVE-2025-12893 | MongoDB Server security vulnerability (MongoDB Server) | 4.2 | Medium | 2025-11-25
CVE-2025-44018 | GL-Inet GL-AXT1800 security vulnerability (GL-AXT1800) | 8.3 | High | 2025-11-24
CVE-2025-60022 | KDDI デジラアプリ App for iOS trust management issue ('デジラアプリ' App for iOS) | 7.4 (AI) | High (AI) | 2025-11-17
CVE-2025-65083 | GoSign Desktop trust management issue (GoSign Desktop) | 3.2 | Low | 2025-11-17
CVE-2025-30669 | Zoom Clients security vulnerability (Zoom Workplace Clients) | 4.8 | Medium | 2025-11-13
CVE-2025-12047 | Lenovo Scanner Pro security vulnerability (Scanner Pro) | 5.3 | Medium | 2025-11-12
CVE-2025-10495 | Lenovo multiple products security vulnerability (App Store) | 7.5 | High | 2025-11-12
CVE-2025-40744 | Siemens Solid Edge SE2025 trust management issue (Solid Edge SE2025) | 7.5 | High | 2025-11-11
CVE-2025-12943 | NETGEAR RAX30 and NETGEAR RAXE300 security vulnerability (RAX30) | 9.8 | - | 2025-11-11
CVE-2025-64685 | JetBrains YouTrack trust management issue (YouTrack) | 8.1 | High | 2025-11-10
CVE-2025-54470 | NeuVector trust management issue (neuvector) | 8.6 | High | 2025-10-30
CVE-2025-11619 | Devolutions Server security vulnerability (Devolutions Server) | 5.9 (AI) | Medium (AI) | 2025-10-15
CVE-2025-62375 | go-witness trust management issue (go-witness) | 9.1 | - | 2025-10-15
CVE-2025-62371 | OpenSearch Data Prepper trust management issue (data-prepper) | 7.4 | High | 2025-10-15
CVE-2025-10699 | Lenovo LeCloud security vulnerability (LeCloud Client) | 5.3 | Medium | 2025-10-15
CVE-2025-6026 | Lenovo Universal Device Client security vulnerability (Universal Device Client) | 3.1 | Low | 2025-10-15
CVE-2025-11695 | MongoDB Rust Driver security vulnerability (Rust Driver) | 8.0 | High | 2025-10-13
CVE-2025-11633 | Tomofun Furbo 360 and Tomofun Furbo Mini trust management issue (Furbo 360) | 3.7 | Low | 2025-10-12
CVE-2025-34235 | Vasion Print Virtual Appliance Host security vulnerability (Print Virtual Appliance Host) | 9.8 (AI) | Critical (AI) | 2025-09-29
CVE-2025-10548 | CleverControl security vulnerability (CleverControl employee monitoring software) | 8.1 (AI) | High (AI) | 2025-09-23
CVE-2024-13990 | MicroWorld eScan AV security vulnerability (eScan AV) | 8.1 | - | 2025-09-19
CVE-2025-34199 | Vasion Print and Vasion Print Virtual Appliance Host security vulnerability (Print Virtual Appliance Host) | 9.8 | - | 2025-09-19
CVE-2025-59353 | Dragonfly security vulnerability (dragonfly) | 6.5 (AI) | Medium (AI) | 2025-09-17
CVE-2025-59347 | Dragonfly trust management issue (dragonfly) | 7.4 (AI) | High (AI) | 2025-09-17
CVE-2025-35434 | CISA Thorium security vulnerability (Thorium) | 4.2 | Medium | 2025-09-17
CVE-2025-9708 | Kubernetes security vulnerability (Kubernetes CSharp Client) | 6.8 | Medium | 2025-09-16
CVE-2025-55109 | BMC Control-M security vulnerability (Control-M/Agent) | 9.0 | Critical | 2025-09-16
CVE-2025-58781 | WTW-EAGLE App trust management issue (WTW-EAGLE App for iOS) | 5.9 | - | 2025-09-12
CVE-2025-9785 | PaperCut Print Deploy security vulnerability (Print Deploy) | 7.4 (AI) | High (AI) | 2025-09-03

(AI) marks a score or rating the page tags as AI-generated rather than taken from the CVE record; "-" means the page shows no risk level for that entry.

CWE-295 (Improper Certificate Validation) is a common weakness class; this platform indexes 502 CVEs associated with it.