CVE-2025-7096
BaseFortify
Publication date: 2025-07-06
Last updated on: 2025-07-18
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comodo | internet_security | 12.3.4.8162 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
| CWE-354 | The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a critical security flaw in Comodo Internet Security Premium version 12.3.4.8162, specifically in the Manifest File Handler component's cis_update_x64.xml file. It involves improper validation of an integrity check value, which could potentially be exploited remotely. However, the attack complexity is high and exploitation is difficult. The vulnerability has been publicly disclosed, and the vendor did not respond to the disclosure.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow an attacker to bypass integrity checks, potentially leading to unauthorized actions or compromise of the affected system. Since the attack can be initiated remotely, it poses a risk of remote compromise. However, due to the high complexity and difficulty of exploitation, the immediate risk may be limited but still significant given the critical severity.