CVE-2025-35983
Last modified
CVE-2025-35983 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. This issue affects Controller 7000: 9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1)).. EPSS estimates a 0.16% chance of exploitation in the next 30 days.
Description
Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. This issue affects Controller 7000: 9.30 prior to vCR9.30.250624a (distributed in 9.30.1871 (MR1)).
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-35983?
How severe is CVE-2025-35983?
How do I fix CVE-2025-35983?
Are you affected by CVE-2025-35983?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST