CVE-2025-70029
Awaiting Analysis Awaiting Analysis - Queue
TLS Certificate Validation Bypass in SunbirdEd-portal v

Publication date: 2026-02-11

Last updated on: 2026-04-01

Assigner: MITRE

Description
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-70029
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sunbird sunbirded-portal 1.13.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-70029 is a vulnerability in SunbirdEd-portal version 1.13.4 where the application disables TLS/SSL certificate validation by setting the HTTP request option 'rejectUnauthorized' to false."}, {'type': 'paragraph', 'content': 'This improper certificate validation allows attackers, such as man-in-the-middle (MITM) attackers, to spoof servers and intercept sensitive data transmitted between the client and server.'}] [2]

Impact Analysis

This vulnerability can compromise the confidentiality and integrity of communications between the client and server.

Attackers exploiting this issue can intercept sensitive information by spoofing servers, potentially leading to data breaches or unauthorized access to sensitive data.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability arises because the application disables TLS/SSL certificate validation by setting the HTTP request option 'rejectUnauthorized' to false, which can be detected by inspecting the application's HTTP request configurations or network traffic for TLS/SSL validation bypass."}, {'type': 'paragraph', 'content': "To detect this on your system, you can check the source code or configuration files of SunbirdEd-portal version 1.13.4 for the presence of 'rejectUnauthorized: false' in HTTP request options."}, {'type': 'paragraph', 'content': 'On the network level, you can monitor for suspicious man-in-the-middle (MITM) activity or untrusted TLS connections by capturing traffic with tools like Wireshark or tcpdump and analyzing for unexpected certificate errors or unencrypted data.'}, {'type': 'list_item', 'content': "Use grep or similar commands to search for 'rejectUnauthorized' in the application code: grep -r 'rejectUnauthorized' /path/to/sunbirded-portal"}, {'type': 'list_item', 'content': 'Use network capture tools to monitor TLS traffic: sudo tcpdump -i any port 443 -w capture.pcap'}, {'type': 'list_item', 'content': 'Analyze captured traffic with Wireshark to check for TLS certificate validation issues or unencrypted data.'}] [2]

Mitigation Strategies

[{'type': 'paragraph', 'content': "To mitigate this vulnerability, immediately ensure that the application enforces proper TLS/SSL certificate validation by setting 'rejectUnauthorized' to true in all HTTP request options."}, {'type': 'paragraph', 'content': 'Review and update the application code or configuration to remove any instances where certificate validation is disabled.'}, {'type': 'paragraph', 'content': 'If possible, upgrade to a fixed or patched version of SunbirdEd-portal that addresses this issue.'}, {'type': 'paragraph', 'content': 'Additionally, monitor network traffic for signs of man-in-the-middle attacks and consider using network security tools to detect and block suspicious activity.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70029. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart