Platform
other
Component
arc
Fixed in
2.2.0
CVE-2025-40896 describes a vulnerability in Arc where the server certificate is not verified during agent connections to Guardian or CMC. This lack of verification allows a malicious actor to perform a man-in-the-middle (MITM) attack, potentially compromising sensitive data and system integrity. The vulnerability impacts Arc versions 0.0 through 2.2.0, and a fix is available in version 2.2.0.
The primary impact of CVE-2025-40896 is the potential for a MITM attack. An attacker positioned between an Arc agent and the Guardian or CMC can intercept network traffic. This interception could lead to the theft of the client token, granting unauthorized access to assets and alerts managed by Arc. Furthermore, the attacker could impersonate the server, leading to data manipulation and the injection of false information, such as fabricated asset details or vulnerability reports, into the Guardian or CMC system. The blast radius extends to any data processed and managed through Arc, making it a critical concern for organizations relying on Arc for security management.
CVE-2025-40896 is not currently listed in the CISA KEV catalog. The EPSS score is pending evaluation. No public proof-of-concept (PoC) exploit had been released as of the publication date. Given the nature of the vulnerability (MITM), opportunistic exploitation is plausible if an attacker gains a position on the network path between Arc agents and the Guardian/CMC.
Organizations utilizing Arc for security management, particularly those with deployments spanning multiple networks or untrusted environments, are at risk. Environments with legacy Arc configurations or those lacking robust network segmentation are especially vulnerable. Shared hosting environments where Arc agents and Guardian/CMC instances reside on the same infrastructure also face increased risk.
Exploit status
EPSS
0.03% (percentile 8%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-40896 is to upgrade Arc to version 2.2.0 or later, which includes the certificate verification fix. If upgrading immediately is not feasible, consider implementing network segmentation to isolate Arc agents and Guardian/CMC servers. While not a complete solution, this limits the attacker's ability to intercept traffic. Review network traffic for any anomalies indicative of MITM attacks. Implement strict access controls and monitor client token usage to detect unauthorized activity. After upgrading, confirm the fix by verifying that Arc agents successfully connect to Guardian/CMC using validated server certificates.
Update Arc to version 2.2.0 or later. This ensures that TLS certificate validation is enabled, preventing man-in-the-middle attacks. The update fixes the missing verification of the server certificate when an Arc agent connects to a Guardian or CMC.
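To make the defect concrete, the following added example (not Arc's own code; Arc's real client implementation is not shown on this page) contrasts a TLS client context that skips server certificate verification, which is the class of weakness CVE-2025-40896 describes, with a hardened context, and includes a small audit check of the kind a reviewer would use to confirm that an agent-style client actually authenticates the server it connects to. The `ca_bundle` path and the host/port in `check_agent_connection` are assumptions.

```python
import socket
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The weak pattern: TLS is negotiated, but the server certificate is
    never validated and the hostname is never matched, so any on-path
    party presenting its own certificate is accepted (MITM)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # chain is not checked at all
    return ctx


def verified_client_context(ca_bundle=None) -> ssl.SSLContext:
    """Hardened equivalent: require a certificate that chains to a trusted
    CA (system store, or the assumed ca_bundle file) and matches the
    server hostname; also refuse pre-1.2 TLS versions."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_server(ctx: ssl.SSLContext) -> bool:
    """Audit check: True only if the context authenticates the server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def check_agent_connection(host: str, port: int, ca_bundle=None) -> dict:
    """Post-upgrade verification step: connect with a verifying context and
    return the validated peer certificate. A handshake failure here means
    the server certificate did not validate; an empty dict would indicate
    verification was silently disabled (CERT_NONE yields no peer cert)."""
    ctx = verified_client_context(ca_bundle)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            if not cert:
                raise RuntimeError("no validated peer certificate; verification is off")
            return cert
```

Running `check_agent_connection` against a Guardian/CMC endpoint with the CA that issued its certificate is the functional counterpart of the "confirm the fix" step above; a `ssl.SSLCertVerificationError` there points at a certificate or trust-store problem rather than at the client.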
CVE-2025-40896 is a vulnerability in Arc where the server certificate isn't verified, allowing a man-in-the-middle attack to intercept communication and potentially steal sensitive data. It has a CVSS score of 6.5 (MEDIUM).
If you are using Arc versions 0.0 through 2.2.0, you are potentially affected by this vulnerability. Assess your environment and prioritize upgrading.
Upgrade Arc to version 2.2.0 or later to resolve this vulnerability. If immediate upgrade is not possible, implement network segmentation as a temporary mitigation.
As of the publication date, there are no confirmed reports of active exploitation. However, the vulnerability's nature makes it a potential target for opportunistic attackers.
Refer to the official Arc security advisory for detailed information and updates regarding CVE-2025-40896. Check the Arc documentation and security announcement pages.