Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-43918

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain.

Published

2025-04-19T22:15:14.410

Last Modified

2025-04-21T14:23:45.950

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-348

Affected Vendors & Products

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1961406 ([email protected])
https://news.ycombinator.com/item?id=43738485 ([email protected])