CVE-2025-7095
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-06

Last updated on: 2025-07-18

Assigner: VulDB

Description
A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-06
Last Modified
2025-07-18
Generated
2026-05-07
AI Q&A
2025-07-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7095
EUVD
EUVD-2025-20154
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
comodo internet_security 12.3.4.8162
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Comodo Internet Security Premium 12.3.4.8162 involves improper certificate validation in the Update Handler component. It allows a remote attacker to exploit the system by manipulating certificate validation, although the attack is complex and difficult to execute.


How can this vulnerability impact me? :

The vulnerability could allow a remote attacker to bypass proper certificate validation, potentially leading to unauthorized actions or acceptance of malicious updates. However, the attack complexity is high and exploitability is difficult, which may limit the risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart