CVE-2025-27377

Summary

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capable of performing a man-in-the-middle (MITM) attack could exploit this issue to intercept or manipulate network traffic, potentially exposing authentication credentials or sensitive design data.

Affected Software

VendorProductVersion RangeStatus
AltiumAltium Designer24.9 <= 25.1affected

Weaknesses

  • CWE-295: CWE-295 – Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References