How severe is CVE-2025-20126?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2025-20126?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2025-20126 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client.

Related Vulnerabilities

CVE-2017-2387

MEDIUM

CVSS:4.8(Medium)

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta...

CWE-2952017

CVE-2017-6142

MEDIUM

CVSS:4.8(Medium)

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus...

CWE-2952017

CVE-2018-0334

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could a...

CWE-2952018

CVE-2019-3875

MEDIUM

CVSS:4.8(Medium)

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided i...

CWE-2952019

CVE-2020-10059

MEDIUM

CVSS:4.8(Medium)

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DT...

CWE-2952020

CVE-2020-2252

MEDIUM

CVSS:4.8(Medium)

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CWE-2952020