CVE-2025-35983

{"id": "CVE-2025-35983", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosures@gallagher.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.2}]}, "published": "2025-07-10T03:15:28.720", "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-35983", "source": "disclosures@gallagher.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosures@gallagher.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. \n\nThis issue affects Controller 7000: \n\n9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1))."}, {"lang": "es", "value": "Una validaci\u00f3n incorrecta de certificado (CWE-295) en la implementaci\u00f3n de Controller 7000 OneLink podr\u00eda permitir que un atacante sin privilegios realice una denegaci\u00f3n de servicio limitada o anule privilegios durante la configuraci\u00f3n inicial del controlador. Sin embargo, no existe riesgo para los controladores una vez conectados. Este problema afecta al controlador 7000: versi\u00f3n 9.30 anterior a vCR9.30.250624a (distribuida en 9.30.1871 (MR1))."}], "lastModified": "2025-07-10T13:17:30.017", "sourceIdentifier": "disclosures@gallagher.com"}