How severe is CVE-2025-23114?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2025-23114?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2025-23114

CRITICAL Year: 2025

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-295

View all →

Vulnerability Description

A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.

CVE-2020-27648

CRITICAL

CVSS:9.0(Critical)

Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive info...

CWE-2952020

CVE-2020-27649

CRITICAL

CVSS:9.0(Critical)

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information ...

CWE-2952020

CVE-2014-8164

CRITICAL

CVSS:9.1(Critical)

A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.

CWE-2952014

CVE-2017-17944

CRITICAL

CVSS:9.1(Critical)

The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.

CWE-2952017

CVE-2017-17945

CRITICAL

CVSS:9.1(Critical)

The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.

CWE-2952017

CVE-2017-18911

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.

CWE-2952017

CVE-2025-23114

Vulnerability Description

Related Vulnerabilities

CVE-2020-27648

CVE-2020-27649

CVE-2014-8164

CVE-2017-17944

CVE-2017-17945

CVE-2017-18911