CVE-2025-9293
Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception
Description
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.
CVSS Vector Breakdown
AV:NAccess VectorAC:LAccess ComplexityC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2025-9293 and every CVE in our database. Create a free account — no credit card required.
Create Free Account