CVE-2025-27377

Medium CVSS: 5.3

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.

Vendor

Altium

Product

Designer

CWE

CWE-295

Yayın Tarihi

2026-01-22 01:15:50

Güncelleme

2026-02-26 21:49:17

Source Identifier

4760f414-e1ae-4ff1-bdad-c7a9c3538b79

KEV Date Added

Kategoriler

CWE-295 Designer MEDIUM Altium 2026

Referanslar

https://www.altium.com/platform/security-compliance/security-advisories

Benzer Kayıtlar

Medium

CVE-2025-27379

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker…

High

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attac…

High

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic f…

Medium

CVE-2026-1011

A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing…

Critical

CVE-2026-1009

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitizati…

High

CVE-2026-1010

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input…