{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-43918", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-21T14:19:27.457Z", "dateReserved": "2025-04-19T00:00:00.000Z", "datePublished": "2025-04-19T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SSL.com", "vendor": "SSL.com", "versions": [{"lessThan": "2025-04-19", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-19T22:07:09.222Z"}, "references": [{"url": "https://news.ycombinator.com/item?id=43738485"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1961406"}], "tags": ["exclusively-hosted-service"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T14:18:48.938981Z", "id": "CVE-2025-43918", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T14:19:27.457Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-43918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-21T14:18:48.938981Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T14:19:00.471Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "SSL.com", "product": "SSL.com", "versions": [{"status": "affected", "version": "0", "lessThan": "2025-04-19", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://news.ycombinator.com/item?id=43738485"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1961406"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-04-19T22:07:09.222Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43918", "state": "PUBLISHED", "dateUpdated": "2025-04-21T14:19:27.457Z", "dateReserved": "2025-04-19T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-04-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email address, even when the requester does not otherwise establish administrative control of that domain."}, {"lang": "es", "value": "SSL.com antes del 19/04/2025, cuando se utiliza el m\u00e9todo de validaci\u00f3n de dominio 3.2.2.4.14, procesa las solicitudes de certificados de manera tal que se pueda emitir un certificado TLS confiable para el nombre de dominio de la direcci\u00f3n de correo electr\u00f3nico de un solicitante, incluso cuando el solicitante no establece de otro modo el control administrativo de ese dominio."}], "id": "CVE-2025-43918", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-04-19T22:15:14.410", "references": [{"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1961406"}, {"source": "cve@mitre.org", "url": "https://news.ycombinator.com/item?id=43738485"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-348"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{}