CVE-2025-4384

Summary

The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly.

The use of a client certificate reduces the risk for random devices to take advantage of this flaw.

Affected Software

VendorProductVersion RangeStatus
arcinfoPcVue16.3.0unaffected
arcinfoPcVue16.0 < 16.2.5affected
arcinfoPcVue15.0 < 15.2.12affected

Weaknesses

  • CWE-298: CWE-298 Improper Validation of Certificate Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References