{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-42611","assignerOrgId":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","state":"PUBLISHED","assignerShortName":"ENISA","dateReserved":"2025-04-16T12:34:02.865Z","datePublished":"2026-05-05T10:58:36.937Z","dateUpdated":"2026-05-05T12:49:47.495Z"},"containers":{"cna":{"providerMetadata":{"orgId":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","shortName":"ENISA","dateUpdated":"2026-05-05T10:58:36.937Z"},"title":"Improper certificate validation in multiple RouterOS services","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-295","description":"CWE-295 Improper certificate validation","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"affected":[{"vendor":"Mikrotik","product":"RouterOS","versions":[{"status":"affected","version":"0","lessThanOrEqual":"7.20.x","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.\n\n\n\nThe vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>RouterOS provides various services that rely on correct\nverification of client and server certificates to secure confidentiality and\nintegrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X),\namong others.</p><p>The vulnerability lies in shared certificate validation\nlogic which uses the system certificate store that is shared and equally\ntrusted by all system services. This causes confusion of scope, allowing any\ncertificate authority present in the system-wide trust store to be trusted in\nany context (with some exceptions), allowing partial or full authentication\nbypass in CAPsMAN, OpenVPN, Dot1X and potentially others. </p>\n\n\n\n\n\n<br>"}]}],"references":[{"url":"https://www.cert.si/en/cve-2025-42611/","tags":["third-party-advisory","government-resource"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.2"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-05T12:38:09.152163Z","id":"CVE-2025-42611","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-05T12:49:47.495Z"}}]}}