Builder
CVE-2025-67229
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.
AnalysisAI
ToDesktop Builder v0.32.1 has an improper certificate validation vulnerability allowing man-in-the-middle attackers to inject malicious code into desktop application builds.
Technical ContextAI
ToDesktop Builder v0.32.1 does not properly validate TLS certificates (CWE-295), allowing MITM attackers to intercept and modify traffic during the desktop application build process.
RemediationAI
Update ToDesktop Builder. Build in trusted network environments. Verify build artifacts with code signing.
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, le
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with rendere
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary
Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder.0.5. Rated medium severity (CVSS 4.3), this v
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the dup
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today