CVE-2025-20126

Name of the Vulnerable Software and Affected Versions Cisco ThousandEyes Endpoint Agent for macOS and RoomOS (affected versions not specified)

Description A vulnerability in the certification validation routines of the affected software could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This issue exists because the software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate, potentially allowing the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.