CVE-2025-70043
Received Received - Intake

Improper Certificate Validation in Ayms Node-To Master TLS Socket

Vulnerability report for CVE-2025-70043, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-23

Last updated on: 2026-02-23

Assigner: MITRE

Description

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-23
Last Modified
2026-02-23
Generated
2026-07-06
AI Q&A
2026-02-23
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ayms node-tor *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-70043 is a vulnerability in the Ayms node-Tor master version related to improper certificate validation (CWE-295). The application disables TLS/SSL certificate validation by setting the 'rejectUnauthorized' option to false in the TLS socket configuration."}, {'type': 'paragraph', 'content': 'This misconfiguration means that the application does not verify the authenticity of TLS/SSL certificates, which can allow attackers to perform man-in-the-middle (MITM) attacks by spoofing servers.'}] [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to intercept and potentially alter sensitive data transmitted over the network.

Because the application does not validate TLS/SSL certificates, attackers can impersonate legitimate servers, compromising the security and integrity of communications.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by inspecting the application's TLS socket configuration to check if the 'rejectUnauthorized' option is set to false, which disables proper TLS/SSL certificate validation."}, {'type': 'paragraph', 'content': "On systems running the affected node-Tor application, you can search the source code or runtime configuration for the string 'rejectUnauthorized: false'."}, {'type': 'list_item', 'content': 'Use grep or similar command to find the setting in code or configuration files, for example: grep -r "rejectUnauthorized: false" /path/to/node-tor/'}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious man-in-the-middle activity, such as unexpected TLS certificate changes or untrusted certificates.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': "To mitigate this vulnerability, immediately ensure that the TLS socket option 'rejectUnauthorized' is set to true, enabling proper certificate validation."}, {'type': 'paragraph', 'content': 'This change will prevent the application from accepting invalid or spoofed TLS/SSL certificates, protecting against man-in-the-middle attacks.'}, {'type': 'list_item', 'content': "Review and update the node-Tor application's configuration or source code to remove or correct any instance where 'rejectUnauthorized' is set to false."}, {'type': 'list_item', 'content': 'Restart the application after applying the configuration changes to ensure the new settings take effect.'}, {'type': 'list_item', 'content': 'Consider monitoring network traffic for any signs of interception or tampering during the mitigation process.'}] [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70043. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart