Platform: windows
Component: gosign-desktop
Fixed in: 2.4.2
CVE-2025-65083 is a security vulnerability affecting GoSign Desktop versions 0 through 2.4.1. It stems from the application's behaviour when configured to use a proxy server: in that mode TLS certificate validation is disabled. If a user selects an arbitrary proxy that forwards connections to untrusted servers, integrity protection can be bypassed and data integrity compromised.
The core impact of CVE-2025-65083 is integrity bypass. If a user is tricked into configuring GoSign Desktop to use a malicious or compromised proxy server, the application does not validate the TLS certificate presented by the destination server, so an attacker positioned at the proxy could intercept and modify data exchanged between GoSign Desktop and the intended server without detection. The vulnerability description notes that this scenario is outside the product's design objectives, but a misconfigured environment could still expose sensitive information. The blast radius is limited to the data processed by GoSign Desktop and to man-in-the-middle attacks facilitated by the proxy.
CVE-2025-65083 has a LOW CVSS score, and its likelihood of exploitation is assessed as low. As of the public disclosure date (2025-11-17), there are no publicly known proof-of-concept exploits, and it is not listed in the CISA KEV catalog. The dependence on user configuration and on a compromised proxy server likely contributes to the low exploitation probability.
Exploit Status
EPSS: 0.01% (2nd percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-65083 is to upgrade GoSign Desktop to version 2.4.2 or later, which addresses the certificate validation issue. If upgrading is not immediately feasible, implement stricter proxy server controls within your organization: allow-list approved proxy servers and educate users about the risks of using untrusted proxies. Network administrators should also review proxy configurations to ensure that TLS certificate validation is enabled wherever possible. After upgrading, confirm the fix by verifying that TLS certificate validation is enforced when a proxy server is configured.
Update GoSign Desktop to a version later than 2.4.1 to fix the TLS certificate validation vulnerability when using a proxy. Ensure the proxy is configured correctly; if an inspecting enterprise proxy is in use, add the enterprise CA to the trust store rather than disabling validation. Avoid using untrusted proxies.
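The defect class behind this advisory, shown as an added example that is not GoSign Desktop's own code: a TLS context that switches verification off whenever a proxy is configured, beside the hardened form that keeps verification on and tunnels through an HTTP CONNECT proxy while still checking the destination's certificate. The `ca_file` parameter and the CONNECT helper are assumptions for illustration, not details from the advisory.

```python
import socket
import ssl


def vulnerable_tls_context(proxy_in_use):
    """Pattern described for CVE-2025-65083: verification is disabled as soon
    as a proxy is configured, so any server the proxy forwards to is trusted."""
    ctx = ssl.create_default_context()
    if proxy_in_use:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context(ca_file=None):
    """Hardened form: verification stays on regardless of proxy use. An
    inspecting enterprise proxy is handled by trusting its CA (ca_file is an
    assumed optional PEM path), never by turning checks off."""
    ctx = ssl.create_default_context()
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def build_connect_request(host, port):
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode()


def connect_succeeded(response):
    """True only for a 2xx status line, e.g. 'HTTP/1.1 200 Connection established'."""
    status = response.split(b"\r\n", 1)[0].split()
    return len(status) >= 2 and status[0].startswith(b"HTTP/") and status[1].startswith(b"2")


def open_verified_tunnel(proxy, target, ctx, timeout=10.0):
    """Tunnel to target=(host, port) via proxy=(host, port). TLS is negotiated
    end-to-end with the target and its certificate is checked against target's
    name, so a proxy that forwards to an impostor is detected."""
    sock = socket.create_connection(proxy, timeout=timeout)
    sock.sendall(build_connect_request(*target))
    reply = b""
    while b"\r\n\r\n" not in reply:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed the connection during CONNECT")
        reply += chunk
    if not connect_succeeded(reply):
        raise ConnectionError("proxy refused CONNECT: " + reply.split(b"\r\n", 1)[0].decode(errors="replace"))
    # server_hostname sets SNI and the name the certificate must match
    return ctx.wrap_socket(sock, server_hostname=target[0])
```

Because the test in the mitigation text is "is validation enforced when a proxy is configured", the useful assertion is that the context's `verify_mode` is `CERT_REQUIRED` and `check_hostname` is true even when a proxy is in use.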
CVE-2025-65083 is a vulnerability in GoSign Desktop versions 0-2.4.1 where TLS certificate validation is disabled when using a proxy, potentially allowing integrity bypass.
If you are using GoSign Desktop versions 0 through 2.4.1 and have configured it to use a proxy server, you are potentially affected by this vulnerability.
Upgrade GoSign Desktop to version 2.4.2 or later to resolve the TLS certificate validation issue. If upgrading isn't possible, implement stricter proxy server controls.
As of the public disclosure date, there are no publicly known active exploits for CVE-2025-65083.
Refer to the official GoSign Desktop advisory for detailed information and updates on CVE-2025-65083.