← Back

CVE-2025-27377

nvd nist
Published: Jan 22, 2026Modified: Feb 26, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79 (Secondary)

Description

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.

Affected (1)

Products: Altium: Designer
Altium
1 product
Designer
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Designer
From 24.9.0 to 25.2.0

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (1)

Source: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79
Vendor Advisory

Timeline

No history available yet.