CVE-2025-70043 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: February 23, 2026
Ayms node-To master - Improper Certificate Validation
Overview
Ayms node-To master contains an improper certificate validation vulnerability caused by disabling TLS/SSL certificate validation via 'rejectUnauthorized': false in TLS socket options, letting attackers perform man-in-the-middle attacks, exploit requires network access.
Severity & Score
Impact
Attackers can intercept and modify encrypted communications, leading to data theft or manipulation.
Mitigation
Update to the latest version that enforces proper TLS/SSL certificate validation.
References
Social Media Activity(2 posts)
š“ New security advisory: CVE-2025-70043 affects multiple systems. ā¢ Impact: Remote code execution or complete system compromise possible ā¢ Risk: Attackers can gain full control of affected systems ā¢ Mitigation: Patch immediately or isolate affected systems Full breakdown: https://yazoul.net/advisory/cve/cve-2025-70043 #Cybersecurity #ZeroDay #ThreatIntel
View original post
š“ CVE-2025-70043 - Critical (9.1) An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options š https://www.thehackerwire.com/vulnerability/CVE-2025-70043/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-70043
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- weak_cryptography
- Status
- unconfirmed
- EPSS
- 1.6%
- Social Posts
- 2
CWE
- CWE-295
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N