CVE-2025-2028

Summary

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs

Affected Software

VendorProductVersion RangeStatus
checkpointCheck Point Management Log Serverversions R81.10, R81.20, R82affected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References