CVE-2025-71063
Unknown Unknown - Not Provided

TLS Certificate Validation Bypass in Errands Before

Vulnerability report for CVE-2025-71063, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-12

Last updated on: 2026-02-05

Assigner: MITRE

Description

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-12
Last Modified
2026-02-05
Generated
2026-07-06
AI Q&A
2026-01-13
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mrvladus errands to 46.2.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-71063 is a security vulnerability in the Errands application where TLS certificate verification for CalDAV servers was disabled by default before version 46.2.10. This means Errands accepted any TLS certificate, including invalid or malicious ones, without validating them. As a result, users are exposed to man-in-the-middle (MITM) attacks, allowing attackers to intercept or alter sensitive calendar and task data. The vulnerability stems from the Errands Python code explicitly setting ssl_verify_cert=False, bypassing proper SSL/TLS certificate validation. [1, 4]

Impact Analysis

This vulnerability can lead to man-in-the-middle attacks where an attacker intercepts or modifies your calendar and task data, which often contains private and sensitive personal information. Additionally, because Errands uses HTTP Basic authentication, credentials could be exposed in plaintext if TLS is compromised. This puts your data confidentiality and integrity at risk, potentially leading to credential theft and unauthorized data access. [1]

Detection Guidance

This vulnerability can be detected by inspecting the Errands application's configuration or source code to check if TLS certificate verification is disabled (i.e., if `ssl_verify_cert` is set to False) when connecting to CalDAV servers. Since Errands disables TLS certificate verification unconditionally in versions before 46.2.10, you can look for this setting in the Python CalDAV library usage within the application. Additionally, monitoring network traffic for TLS connections without proper certificate validation or using tools to detect man-in-the-middle attacks on CalDAV HTTPS connections may help. However, no specific commands are provided in the available resources. [1, 4]

Compliance Impact

The vulnerability in Errands disables TLS certificate verification for CalDAV servers, exposing users to man-in-the-middle attacks that can intercept or alter sensitive calendar and task data containing private personal information. This undermines the confidentiality and integrity of user data, which are critical requirements under common standards and regulations such as GDPR and HIPAA. By allowing credential theft and data interception, the vulnerability could lead to non-compliance with these regulations' mandates for protecting personal and sensitive information during transmission. [1]

Mitigation Strategies

To mitigate this vulnerability immediately, update the Errands application to version 46.2.10 or later, where the hardcoded disabling of TLS certificate verification has been removed and proper certificate validation is enforced. This update restores secure TLS handling and prevents man-in-the-middle attacks. Until the update is applied, avoid using Errands for CalDAV synchronization over untrusted networks, or consider alternative clients that enforce TLS certificate verification. The fix involves removing `ssl_verify_cert=False` so that SSL certificates are properly validated. [1, 5]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71063. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart