CVE-2025-20670

MEDIUM Year: 2025
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.

Related Vulnerabilities

CVE-2025-1001

MEDIUM
CVSS:5.7(Medium)

Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a mach...

CWE-2952025

CVE-2016-7171

MEDIUM
CVSS:5.6(Medium)

NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.

CWE-2952016

CVE-2017-2648

MEDIUM
CVSS:5.6(Medium)

It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

CWE-2952017

CVE-2018-1000151

MEDIUM
CVSS:5.6(Medium)

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.

CWE-2952018

CVE-2018-8119

MEDIUM
CVSS:5.6(Medium)

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This...

CWE-2952018

CVE-2018-8479

MEDIUM
CVSS:5.6(Medium)

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.

CWE-2952018