CVE-2025-42611

Published May 5, 2026

Last updated 25 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-42611 describes a vulnerability within RouterOS that affects services relying on client and server certificate verification, such as OpenVPN, CAPsMAN, and Dot1x (802.1X). The issue stems from shared certificate validation logic that utilizes a system-wide certificate store, which is equally trusted by all system services. This design flaw leads to a "confusion of scope," where any certificate authority present in the system's trust store can be accepted in various contexts, potentially enabling partial or full authentication bypass in CAPsMAN, OpenVPN, Dot1X, and other services. The vulnerability is categorized under CWE-295, which signifies improper certificate validation.

Description: RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses the system certificate store that is shared and equally trusted by all system services. This causes confusion of scope, allowing any certificate authority present in the system-wide trust store to be trusted in any context (with some exceptions), allowing partial or full authentication bypass in CAPsMAN, OpenVPN, Dot1X and potentially others.
Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158: CWE-295

Hype score: Not currently trending

References