CVE-2025-40896
Status: Received - Intake
TLS Certificate Validation Bypass in Arc Agent Enables MITM Attacks

Publication date: 2026-03-04

Last updated on: 2026-03-05

Assigner: Nozomi Networks Inc.

Description
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.
Meta Information
Published: 2026-03-04
Last Modified: 2026-03-05
Generated: 2026-06-16
AI Q&A: 2026-03-04
EPSS Evaluated: 2026-06-14
External references: NVD, EUVD
Affected Vendors & Products
Vendor: nozominetworks
Product: arc
Version / Range: versions before 2.2.0 (2.2.0 excluded)
CWE
CWE-295: The product does not validate, or incorrectly validates, a certificate.
Executive Summary

CVE-2025-40896 is a security vulnerability in Arc versions prior to v2.2.0 where the Arc agent does not verify the server's TLS certificate when connecting to a Guardian or CMC server.

This lack of certificate validation allows a malicious actor to perform a man-in-the-middle (MITM) attack, intercepting communications between the Arc agent and the Guardian or CMC.

Such interception can lead to theft of client tokens and sensitive information like asset and alert data, impersonation of the server, or injection of spoofed data such as false asset information or vulnerabilities into the Guardian or CMC. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to intercept sensitive communications between your Arc agent and Guardian or CMC servers.

  • Theft of client tokens, which could be used to gain unauthorized access.
  • Exposure of sensitive information such as assets and alerts.
  • Impersonation of the server, potentially misleading your systems or users.
  • Injection of spoofed data, including false asset details or vulnerabilities, which could compromise the integrity of your monitoring or security systems.

Detection Guidance

This vulnerability involves the Arc agent failing to validate TLS certificates when connecting to a Guardian or CMC server, enabling man-in-the-middle attacks. Detection would involve monitoring network traffic for suspicious TLS connections or attempts to intercept communications between the Arc agent and Guardian or CMC.

However, no specific detection commands or tools are provided in the available information.

Mitigation Strategies

The only effective mitigation for this vulnerability is to upgrade the Arc software to version 2.2.0 or later, which includes proper TLS certificate validation to prevent man-in-the-middle attacks.

No other workarounds or mitigations are available according to the provided information.
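To make the CWE-295 defect class in the Description and the "proper TLS certificate validation" of the mitigation concrete, the following added example (not Arc agent code, not Nozomi's, and not derived from the fixed release) builds a client TLS context the insecure way beside the hardened way using Python's standard ssl module, and includes a small audit helper that a reviewer can run against any client context in a code base. The `ca_bundle` path and the `connect_verified` host/port are assumed placeholders.

```python
import socket
import ssl
from typing import List, Optional

# Added example illustrating the CWE-295 pattern named in the advisory with
# Python's ssl module. It is not Arc agent code; the CA bundle path passed to
# make_hardened_context() is a placeholder assumption.


def make_weak_context() -> ssl.SSLContext:
    """Client context with server certificate validation switched off.

    This is the defect class the advisory describes: any certificate,
    including one presented by an on-path attacker, is accepted, so TLS
    protects against passive observers only, not against a MITM.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode changes
    ctx.verify_mode = ssl.CERT_NONE  # the certificate chain is never checked
    return ctx


def make_hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies the chain and matches the hostname.

    create_default_context() already sets CERT_REQUIRED and check_hostname.
    ca_bundle (placeholder: the CA you trust for the server) narrows trust to
    that CA instead of the whole system store.
    """
    ctx = ssl.create_default_context()
    if ca_bundle is not None:
        ctx.load_verify_locations(cafile=ca_bundle)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return CWE-295 findings for a client context (empty list means OK)."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: chain is not verified")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: leaf is not matched to server name")
    return findings


def connect_verified(host: str, port: int, ca_bundle: Optional[str] = None) -> ssl.SSLSocket:
    """Open a TLS connection that fails closed on an untrusted or mismatched cert."""
    ctx = make_hardened_context(ca_bundle)
    raw = socket.create_connection((host, port), timeout=10)
    # server_hostname is what check_hostname compares the certificate against;
    # omitting it while check_hostname is True raises ValueError, which is the
    # safe behaviour: the handshake never proceeds without a name to verify.
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("weak", make_weak_context()), ("hardened", make_hardened_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

The audit helper only inspects the context; it is the two properties `verify_mode` and `check_hostname` that decide whether a handshake with an attacker-controlled certificate is rejected, so a code review of any TLS client should confirm both are left at their secure defaults and that `server_hostname` is always passed.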
