CVE-2025-27377
Unknown
Unknown - Not Provided
TLS Certificate Validation Bypass in Altium Designer 24.9.0 Enables MITM Attack
Publication date: 2026-01-22
Last updated on: 2026-02-26
Assigner: Altium
Description
Description
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altium | designer | From 24.9.0 (inc) to 25.2.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Altium Designer version 24.9.0 occurs because the software does not validate self-signed server certificates for cloud connections. This means an attacker who can perform a man-in-the-middle (MITM) attack could intercept or manipulate the network traffic between the user and the cloud service.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data to unauthorized parties.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70