CVE-2025-43918

{"id": "CVE-2025-43918", "cveTags": [{"tags": ["exclusively-hosted-service"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.1}]}, "published": "2025-04-19T22:15:14.410", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1961406", "source": "[email protected]"}, {"url": "https://news.ycombinator.com/item?id=43738485", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-348"}]}], "descriptions": [{"lang": "en", "value": "SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain."}, {"lang": "es", "value": "SSL.com antes del 19/04/2025, cuando se utiliza el m\u00e9todo de validaci\u00f3n de dominio 3.2.2.4.14, procesa las solicitudes de certificados de manera tal que se pueda emitir un certificado TLS confiable para el nombre de dominio de la direcci\u00f3n de correo electr\u00f3nico de un solicitante, incluso cuando el solicitante no establece de otro modo el control administrativo de ese dominio."}], "lastModified": "2025-04-21T14:23:45.950", "sourceIdentifier": "[email protected]"}