{"api_version":"1","generated_at":"2026-05-13T07:03:17+00:00","cve":"CVE-2025-42611","urls":{"html":"https://cve.report/CVE-2025-42611","api":"https://cve.report/api/cve/CVE-2025-42611.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-42611","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-42611"},"summary":{"title":"Improper certificate validation in multiple RouterOS services","description":"RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others.","state":"PUBLISHED","assigner":"ENISA","published_at":"2026-05-05 11:16:31","updated_at":"2026-05-07 14:51:53"},"problem_types":["CWE-295","CWE-295 CWE-295 Improper certificate validation"],"metrics":[{"version":"3.1","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://www.cert.si/en/cve-2025-42611/","name":"https://www.cert.si/en/cve-2025-42611/","refsource":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-42611","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-42611","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Mikrotik","product":"RouterOS","version":"affected 7.20.x semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"42611","cve":"CVE-2025-42611","epss":"0.000090000","percentile":"0.008770000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:54"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-42611","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-05T12:38:09.152163Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-05T12:49:47.495Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"RouterOS","vendor":"Mikrotik","versions":[{"lessThanOrEqual":"7.20.x","status":"affected","version":"0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.</p><p>The vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others. </p>\n\n\n\n\n\n<br>"}],"value":"RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-295","description":"CWE-295 Improper certificate validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-05T10:58:36.937Z","orgId":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","shortName":"ENISA"},"references":[{"tags":["third-party-advisory","government-resource"],"url":"https://www.cert.si/en/cve-2025-42611/"}],"source":{"discovery":"UNKNOWN"},"title":"Improper certificate validation in multiple RouterOS services","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","assignerShortName":"ENISA","cveId":"CVE-2025-42611","datePublished":"2026-05-05T10:58:36.937Z","dateReserved":"2025-04-16T12:34:02.865Z","dateUpdated":"2026-05-05T12:49:47.495Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-05 11:16:31","lastModifiedDate":"2026-05-07 14:51:53","problem_types":["CWE-295","CWE-295 CWE-295 Improper certificate validation"],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"42611","Ordinal":"1","Title":"Improper certificate validation in multiple RouterOS services","CVE":"CVE-2025-42611","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"42611","Ordinal":"1","NoteData":"RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others.","Type":"Description","Title":"Improper certificate validation in multiple RouterOS services"}]}}}