CVE-2025-40896
Status: Received - Intake
TLS Certificate Validation Bypass in Arc Agent Enables MITM Attacks

Publication date: 2026-03-04

Last updated on: 2026-03-05

Assigner: Nozomi Networks Inc.

Description
The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.
Meta Information
Published: 2026-03-04
Last Modified: 2026-03-05
Generated: 2026-05-07
AI Q&A: 2026-03-04
EPSS Evaluated: 2026-05-05
Sources: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor           Product   Version / Range
nozominetworks   arc       up to 2.2.0 (excluding)
CWE
CWE-295: The product does not validate, or incorrectly validates, a certificate.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-40896 is a security vulnerability in Arc versions prior to v2.2.0 where the Arc agent does not verify the server's TLS certificate when connecting to a Guardian or CMC server.

This lack of certificate validation allows a malicious actor to perform a man-in-the-middle (MITM) attack, intercepting communications between the Arc agent and the Guardian or CMC.

Such interception can lead to theft of client tokens and sensitive information like asset and alert data, impersonation of the server, or injection of spoofed data such as false asset information or vulnerabilities into the Guardian or CMC. [1]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to intercept sensitive communications between your Arc agent and Guardian or CMC servers. Possible consequences include:

  • Theft of client tokens, which could be used to gain unauthorized access.
  • Exposure of sensitive information such as assets and alerts.
  • Impersonation of the server, potentially misleading your systems or users.
  • Injection of spoofed data, including false asset details or vulnerabilities, which could compromise the integrity of your monitoring or security systems.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the Arc agent failing to validate TLS certificates when connecting to a Guardian or CMC server, enabling man-in-the-middle attacks. Detection would involve monitoring network traffic for suspicious TLS connections or attempts to intercept communications between the Arc agent and Guardian or CMC.

However, no specific detection commands or tools are provided in the available information.


What immediate steps should I take to mitigate this vulnerability?

The only effective mitigation for this vulnerability is to upgrade the Arc software to version 2.2.0 or later, which includes proper TLS certificate validation to prevent man-in-the-middle attacks.

No other workarounds or mitigations are available according to the provided information.
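To make the CWE-295 weakness behind this advisory concrete, the following Go program is an added example; it is not Nozomi Networks code and says nothing about how the Arc agent itself is implemented. It starts a local HTTPS server with a self-signed certificate (a stand-in for any endpoint an agent must not trust, such as an interception proxy) and compares three client configurations: one that disables verification and therefore accepts any certificate, one that verifies against the system trust store, and one pinned to an operator-provisioned CA. The function names, the result type and the sample response body are all constructed for this demo.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Result records how one client configuration fared against the untrusted server.
type Result struct {
	Name   string // which configuration was used (constructed label)
	Status int    // HTTP status on success, 0 on failure
	Err    error  // handshake or request error, nil on success
}

// newClient wraps a TLS configuration in an HTTP client with a direct (no proxy) transport.
func newClient(cfg *tls.Config) *http.Client {
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
}

// fetch performs one GET and reports the outcome; the body is drained and closed
// so the test server can shut down cleanly.
func fetch(name string, c *http.Client, url string) Result {
	resp, err := c.Get(url)
	if err != nil {
		return Result{Name: name, Err: err}
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return Result{Name: name, Status: resp.StatusCode}
}

// IsCertError reports whether err is (or wraps) an X.509 verification failure,
// i.e. the client refused the server's certificate rather than failing for an
// unrelated reason such as a refused connection.
func IsCertError(err error) bool {
	var unknownCA x509.UnknownAuthorityError
	var badHost x509.HostnameError
	var invalid x509.CertificateInvalidError
	if errors.As(err, &unknownCA) || errors.As(err, &badHost) || errors.As(err, &invalid) {
		return true
	}
	// Fallback for toolchains that report the x509 failure only in the message text.
	return err != nil && strings.Contains(err.Error(), "x509:")
}

// RunDemo starts a local HTTPS server whose certificate is self-signed and unknown
// to the system trust store, then tries the three client configurations against it.
func RunDemo() []Result {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, `{"token":"constructed-sample-token"}`) // constructed sample body
	}))
	defer srv.Close()

	// 1. Vulnerable pattern (CWE-295): verification disabled, so any certificate,
	//    including one presented by an interceptor, is accepted without complaint.
	insecure := newClient(&tls.Config{InsecureSkipVerify: true})

	// 2. Default verification: the chain must lead to a system root and the
	//    name must match, so the self-signed certificate is rejected.
	systemRoots := newClient(&tls.Config{})

	// 3. Pinned trust: only the operator-provisioned CA is accepted. Here the
	//    server's own self-signed certificate plays the role of that CA.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	pinned := newClient(&tls.Config{RootCAs: pool})

	return []Result{
		fetch("insecure", insecure, srv.URL),
		fetch("system-roots", systemRoots, srv.URL),
		fetch("pinned-ca", pinned, srv.URL),
	}
}

func main() {
	for _, r := range RunDemo() {
		if r.Err != nil {
			fmt.Printf("%-13s rejected (certificate error: %v): %v\n", r.Name, IsCertError(r.Err), r.Err)
		} else {
			fmt.Printf("%-13s accepted: HTTP %d\n", r.Name, r.Status)
		}
	}
}
```

Run it with `go run .`; only the "insecure" client accepts the untrusted server, which is exactly the behaviour the advisory describes, while both verifying configurations refuse the handshake before any token or asset data is sent. The pinned configuration is the one a fixed agent should use when the Guardian or CMC certificate is issued by a private CA: it keeps hostname checking on and limits trust to that CA rather than disabling verification.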

