SB2025042950 - Spoofing attack in phpseclib
Published: April 29, 2025
Security Bulletin ID
SB2025042950
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2023-52892)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling some characters in Subject Alternative Name fields in TLS certificates. These fields are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification.
Remediation
Install update from vendor's website.