PT-2025-38272 · Dragonfly · Dragonfly

Gaius-Qi · Published 2025-09-17 · Updated 2025-10-27 · CVE-2025-59353

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0

Description: A peer can obtain a valid TLS certificate for arbitrary IP addresses, rendering the mTLS authentication ineffective. The Manager's Certificate gRPC service does not validate whether the requested IP addresses belong to the peer requesting the certificate. The vulnerable code parses a certificate signing request (CSR) and does not verify that the IP addresses within the CSR match the peer's connection IP address.

Recommendations: Upgrade to version 2.1.0 or later.
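The missing check described above, as an added illustration that is not Dragonfly's own code: before a CSR is signed, every IP SAN it requests is compared against the address the peer actually connected from. `ValidateCSRIPs`, `NewCSR` and the sample addresses are assumptions made for this example; in a real gRPC service the peer address would be taken from the connection, never from the request body.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
)

// ValidateCSRIPs is a hypothetical pre-signing check (not Dragonfly's own code): every IP SAN
// in the CSR must equal peerIP, the address of the connection that submitted the request.
func ValidateCSRIPs(csrDER []byte, peerIP net.IP) error {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return fmt.Errorf("parse CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the private key
		return fmt.Errorf("CSR signature: %w", err)
	}
	if len(csr.IPAddresses) == 0 {
		return fmt.Errorf("CSR carries no IP SAN")
	}
	for _, ip := range csr.IPAddresses {
		if !ip.Equal(peerIP) { // one foreign IP is enough to refuse the whole request
			return fmt.Errorf("CSR IP %s does not match peer address %s", ip, peerIP)
		}
	}
	return nil
}

// NewCSR builds a constructed sample CSR (fresh P-256 key) requesting the given IP SANs.
func NewCSR(ips ...net.IP) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := x509.CertificateRequest{Subject: pkix.Name{CommonName: "dragonfly-peer"}, IPAddresses: ips}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, key)
}

func main() {
	peer := net.ParseIP("10.0.0.5") // constructed sample connection address
	own, _ := NewCSR(peer)
	foreign, _ := NewCSR(net.ParseIP("10.0.0.9"))
	fmt.Println(ValidateCSRIPs(own, peer), ValidateCSRIPs(foreign, peer)) // <nil>, then a mismatch error
}
```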


Weakness Enumeration

Missing Authorization

Improper Certificate Validation

Related Identifiers

CVE-2025-59353
GHSA-255V-QV84-29P5
GO-2025-3969
OPENSUSE-SU-2025:15576-1
SUSE-SU-2025:3799-1

Affected Products

Dragonfly