Skip to main content

Builder CVE-2025-67229

CRITICAL
Improper Certificate Validation (CWE-295)
2026-01-23 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 23, 2026 - 17:16 nvd
CRITICAL 9.8

DescriptionCVE.org

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

AnalysisAI

ToDesktop Builder v0.32.1 has an improper certificate validation vulnerability allowing man-in-the-middle attackers to inject malicious code into desktop application builds.

Technical ContextAI

ToDesktop Builder v0.32.1 does not properly validate TLS certificates (CWE-295), allowing MITM attackers to intercept and modify traffic during the desktop application build process.

RemediationAI

Update ToDesktop Builder. Build in trusted network environments. Verify build artifacts with code signing.

Share

CVE-2025-67229 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy