CVE-2025-4384
Description
The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random devices to take advantage of this flaw.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2025-4384? +
How do I check if I'm vulnerable to CVE-2025-4384? +
Related Vulnerabilities
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute …
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in …
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when …