CVE-2025-56230
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-02-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tencent | docs | to 3.9.20 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-599 | The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing SSL Certificate Validation issue in the update component of Tencent Docs Desktop version 3.9.20 and earlier. It means that the software does not properly verify the SSL certificates when downloading updates, which could allow an attacker to perform man-in-the-middle attacks and deliver malicious updates.
How can this vulnerability impact me? :
Because the update component does not validate SSL certificates, an attacker could intercept and modify update data, potentially installing malicious software or code on the affected system. This can lead to compromise of the system's security and confidentiality.