GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without con
Platform
windows
Component
gosign-desktop
Fixed in
2.4.2
CVE-2025-65083 is a security vulnerability affecting GoSign Desktop versions 0 through 2.4.1. It stems from the application's behavior when configured to use a proxy server, where TLS certificate validation is disabled. This can lead to a bypass of integrity protection if a user selects an arbitrary proxy that allows connections to untrusted servers, potentially compromising data integrity.
Impact and attack scenarios
The core impact of CVE-2025-65083 lies in the potential for integrity bypass. If a user is tricked into configuring GoSign Desktop to use a malicious or compromised proxy server, the application will not validate the TLS certificates presented by the destination server. This means that an attacker could intercept and modify data transmitted between GoSign Desktop and the intended server without detection. While the vulnerability description notes that this is outside the product's design objectives, a misconfigured environment could expose sensitive information. The blast radius is limited to the data processed by GoSign Desktop and the potential for man-in-the-middle attacks facilitated by the proxy.
Exploitation context
CVE-2025-65083 has a LOW CVSS score, indicating a relatively low probability of exploitation. As of the public disclosure date (2025-11-17), there are no publicly known proof-of-concept exploits. It is not currently listed on the CISA KEV catalog. The vulnerability's reliance on user configuration and the need for a compromised proxy server likely contribute to its lower exploitation probability.
Who is at risk
Organizations utilizing GoSign Desktop, particularly those with configurations that allow users to configure proxy servers without adequate oversight, are at risk. Shared hosting environments where users have control over proxy settings are also potentially vulnerable. Legacy configurations that haven't been reviewed for security best practices should be prioritized for patching.
Detection steps
• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -eq "GoSignDesktop"}
• windows / supply-chain:
Get-ItemProperty -Path 'HKCU:\Software\GoSignDesktop' -Name ProxyServer
• windows / supply-chain:
Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='GoSignDesktop']]]" -MaxEvents 10
Attack timeline
- Disclosure
Threat intelligence
Exploit status
EPSS
0.01% (2% percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector
- Local: the attacker needs a local session or shell on the system.
- Attack Complexity
- High: requires a race condition, a non-default configuration or specific circumstances.
- Privileges Required
- None: exploitable without authentication.
- User Interaction
- None: automated, silent attack. The victim does nothing.
- Scope
- Changed: the attack can spread beyond the vulnerable component to other systems.
- Confidentiality
- None: no impact on confidentiality.
- Integrity
- Low: the attacker can modify some data within a limited scope.
- Availability
- None: no impact on availability.
Mitigation and workarounds
The primary mitigation for CVE-2025-65083 is to upgrade GoSign Desktop to version 2.4.2 or later, which addresses the certificate validation issue. If upgrading is not immediately feasible, consider implementing stricter proxy server controls within your organization. This includes whitelisting approved proxy servers and educating users about the risks of using untrusted proxies. Network administrators should also review proxy configurations to ensure that TLS certificate validation is enabled wherever possible. After upgrading, confirm the fix by verifying that TLS certificate validation is enforced when using a proxy server.
How to fix
Upgrade GoSign Desktop to a version later than 2.4.1 to fix the TLS certificate validation vulnerability when using a proxy. Make sure the proxy is configured correctly and trust the company CA if necessary. Avoid using untrusted proxies.
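The flaw class described on this page, as an added Python illustration (not GoSign Desktop's code, which this page does not show): a client that switches certificate validation off once a proxy is set, beside one that keeps validation on and trusts an enterprise CA instead. The function names, the proxy URL and the CA file parameter are assumptions made for the example.

```python
import ssl


def context_flawed(proxy_url=None):
    """Anti-pattern: certificate checks are dropped as soon as a proxy is set."""
    ctx = ssl.create_default_context()
    if proxy_url:
        ctx.check_hostname = False       # has to be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted from here on
    return ctx


def context_fixed(proxy_url=None, enterprise_ca_file=None):
    """Validation stays on with or without a proxy. A TLS-inspecting proxy is
    handled by trusting its CA, never by switching validation off."""
    ctx = ssl.create_default_context()
    if proxy_url and enterprise_ca_file:
        # enterprise_ca_file is a hypothetical path to the company CA bundle
        ctx.load_verify_locations(cafile=enterprise_ca_file)
    return ctx


def validation_findings(ctx):
    """Return the validation weaknesses of an SSLContext (empty list = OK)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings


def audit(builder, proxy_url="http://proxy.example:8080"):
    """Check a context builder on both code paths; the proxy path is the one
    a test suite that never sets a proxy would miss. The URL is constructed."""
    return {
        "direct": validation_findings(builder(None)),
        "proxy": validation_findings(builder(proxy_url)),
    }


if __name__ == "__main__":
    for name, builder in (("flawed", context_flawed), ("fixed", context_fixed)):
        print(name, audit(builder))
```

The flawed builder passes the audit on the direct path and fails only on the proxy path, which is why a post-upgrade check has to be run with a proxy configured.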
Frequently asked questions
What is CVE-2025-65083 — TLS Bypass in GoSign Desktop?
CVE-2025-65083 is a vulnerability in GoSign Desktop versions 0-2.4.1 where TLS certificate validation is disabled when using a proxy, potentially allowing integrity bypass.
Am I affected by CVE-2025-65083 in GoSign Desktop?
If you are using GoSign Desktop versions 0 through 2.4.1 and have configured it to use a proxy server, you are potentially affected by this vulnerability.
How do I fix CVE-2025-65083 in GoSign Desktop?
Upgrade GoSign Desktop to version 2.4.2 or later to resolve the TLS certificate validation issue. If upgrading isn't possible, implement stricter proxy server controls.
Is CVE-2025-65083 being actively exploited?
As of the public disclosure date, there are no publicly known active exploits for CVE-2025-65083.
Where can I find the official GoSign Desktop advisory for CVE-2025-65083?
Refer to the official GoSign Desktop advisory for detailed information and updates regarding CVE-2025-65083.