Platform
windows
Component
gosign-desktop
Fixed in
2.4.2
CVE-2025-65083 is a security vulnerability affecting GoSign Desktop versions 0 through 2.4.1. It stems from the application's behavior when configured to use a proxy server, where TLS certificate validation is disabled. This can lead to a bypass of integrity protection if a user selects an arbitrary proxy that allows connections to untrusted servers, potentially compromising data integrity.
The core impact of CVE-2025-65083 lies in the potential for integrity bypass. An attacker could manipulate the proxy server configuration to intercept and potentially modify outbound HTTPS traffic from GoSign Desktop. This is particularly concerning if the user is unaware of the proxy's trustworthiness or if the proxy is compromised. While the description notes that this is outside the product's design objectives and unlikely in typical enterprise deployments, the possibility remains. The risk is amplified in environments where users have the freedom to configure proxy settings without proper oversight. This vulnerability does not allow for remote code execution but could lead to data exfiltration or man-in-the-middle attacks if exploited.
CVE-2025-65083 is currently not listed on the CISA KEV catalog. The EPSS score is likely low, given the requirement for user configuration of an untrusted proxy and the lack of public proof-of-concept exploits. The vulnerability was publicly disclosed on 2025-11-17. No active exploitation campaigns have been reported at the time of this writing.
Organizations utilizing GoSign Desktop, particularly those with configurations that allow users to configure proxy servers without adequate oversight, are at risk. Shared hosting environments where users have control over proxy settings are also potentially vulnerable. Legacy configurations that haven't been reviewed for security best practices should be prioritized for patching.
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -eq "GoSignDesktop"}
• windows / supply-chain:
Get-ItemProperty -Path 'HKCU:\Software\GoSignDesktop' -Name ProxyServer
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='GoSignDesktop']]]" -MaxEvents 10
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-65083 is to upgrade GoSign Desktop to version 2.4.2 or later, which addresses the certificate validation issue. If an immediate upgrade is not feasible, consider implementing stricter proxy server configuration policies to prevent users from selecting untrusted proxies. Employ network-level controls, such as firewalls or proxy authentication, to restrict access to known malicious or untrusted proxy servers. Regularly review proxy server configurations and user permissions to ensure compliance with security best practices. After upgrading, confirm the fix by verifying that TLS certificate validation is enabled when using a proxy server.
Update GoSign Desktop to a version newer than 2.4.1 to fix the TLS certificate validation vulnerability when a proxy is used. Make sure the proxy is configured correctly and, where needed, trust the corporate CA. Avoid using untrusted proxies.
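A per-host triage that combines the fixed version (2.4.2) with the proxy precondition, as an added PowerShell example that is not part of the original advisory or the vendor's tooling. It assumes the installer registers an uninstall entry whose DisplayName contains "GoSign" and reuses the ProxyServer registry value from the checks listed on this page; the function names are hypothetical.

```powershell
# Added example: exposure triage for CVE-2025-65083 on one Windows host.
# Assumption: the uninstall DisplayName contains "GoSign".
# Assumption: the proxy value lives at the registry path listed on this page.
$FixedVersion = [version]'2.4.2'

function Get-GoSignInstall {
    # Standard per-machine (64/32-bit) and per-user uninstall locations.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*GoSign*' -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Get-GoSignProxy {
    # HKCU is per user: run this in the context of the user being checked.
    $key = Get-ItemProperty -Path 'HKCU:\Software\GoSignDesktop' -Name ProxyServer -ErrorAction SilentlyContinue
    if ($key) { $key.ProxyServer } else { $null }
}

function Test-GoSignExposure {
    param([string]$DisplayVersion, [string]$Proxy)
    # Keep only the leading dotted-numeric part, e.g. "2.4.1-beta" -> "2.4.1".
    if ($DisplayVersion -match '^\d+(\.\d+){1,3}') {
        $installed = [version]$Matches[0]
    } else {
        return 'UnknownVersion'
    }
    if ($installed -ge $FixedVersion) { return 'Fixed' }
    # An empty value here does not prove that no proxy is in use elsewhere.
    if ([string]::IsNullOrWhiteSpace($Proxy)) { return 'AffectedVersion-NoProxy' }
    return 'Exposed'
}

$proxy    = Get-GoSignProxy
$installs = @(Get-GoSignInstall)
if ($installs.Count -eq 0) { Write-Output 'GoSign Desktop not found in uninstall registry.' }
foreach ($i in $installs) {
    [pscustomobject]@{
        Host    = $env:COMPUTERNAME
        Product = $i.DisplayName
        Version = $i.DisplayVersion
        Proxy   = $proxy
        Status  = Test-GoSignExposure -DisplayVersion $i.DisplayVersion -Proxy $proxy
    }
}
```

Hosts reported as `AffectedVersion-NoProxy` still need the upgrade, since a user can add a proxy later; `Exposed` hosts are the ones to patch first.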
CVE-2025-65083 is a vulnerability in GoSign Desktop versions 0-2.4.1 where TLS certificate validation is disabled when using a proxy, potentially allowing integrity bypass.
If you are using GoSign Desktop versions 0 through 2.4.1 and have configured it to use a proxy server, you are potentially affected by this vulnerability.
Upgrade GoSign Desktop to version 2.4.2 or later to resolve the TLS certificate validation issue. If upgrading isn't possible, implement stricter proxy server controls.
As of the public disclosure date, there are no publicly known active exploits for CVE-2025-65083.
Refer to the official GoSign Desktop advisory for detailed information and updates regarding CVE-2025-65083.