CVE-2025-7095

CWE-287Improper AuthenticationCWE-295Improper Certificate Validation3 documents3 sources
Severity
6.3MEDIUM
EPSS
0.0%
top 85.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Comodo Internet Security PremiumComodo Internet Security
Timeline
PublishedJul 6
Latest updateJul 7

Description

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5comodo/internet_security_premium12.3.4.8162
NVDcomodo/internet_security12.3.4.8162

🔴Vulnerability Details

2
GHSA
GHSA-7xq7-6cv9-82h6: A vulnerability classified as critical has been found in Comodo Internet Security Premium 122025-07-07
CVEList
Comodo Internet Security Premium Update certificate validation2025-07-06
CVE-2025-7095 (MEDIUM CVSS 6.3) | A vulnerability classified as criti | cvebase.io