CRITICAL🇵🇱 Wersja polska

CVE-2025-67229

CVSS 9.8v3.1pub. 2026-01-23upd. 2026-01-29

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

🤖 AI Analysis
How it works

The ToDesktop Builder application does not perform sufficient verification of TLS certificates during communication with backend servers. An attacker in a man-in-the-middle position (on-path attack) can use a forged certificate that will be accepted by the application. This enables impersonation of false backend server responses without the knowledge or consent of the user or administrator.

Impact

An attacker can impersonate trusted backend servers, modify data transmitted to the application, and potentially deliver malicious updates or configurations, which may lead to complete takeover of the application building environment (confidentiality, integrity, and availability threatened at high level).

Mitigation & patch

ToDesktop Builder should be updated to a version containing the patch described in the vendor's security bulletin TDSA-2025-001. Details regarding the patched version are available at https://www.todesktop.com/security/advisories/TDSA-2025-001 and in the vendor's changelog.

Who is affected

ToDesktop Builder version v0.32.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Todesktop Builder

    APP
    Todesktop
    < 0.32.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-67230HIGH7.1ten sam produkt

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers wi...

CVE-2025-67231MEDIUM5.9ten sam produkt

A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute ...