Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-35983

Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. This issue affects Controller 7000: 9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1)).

Published

2025-07-10T03:15:28.720

Last Modified

2025-07-10T13:17:30.017

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-295

Affected Vendors & Products

References

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-35983 ([email protected])