Missing Validation of OpenSSL Certificate

CVE-2025-56230

High

7.5/10

Summary

Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-599 - Missing Validation of OpenSSL Certificate

The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.

References

Advisory Timeline

Published Nov 04, 2025

Missing Validation of OpenSSL Certificate

CVE-2025-56230

Summary

CWE-599 - Missing Validation of OpenSSL Certificate

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS