CVE-2025-7390

Summary

A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.

Affected Software

VendorProductVersion RangeStatus
SoftingOPC UA C++ SDK6.40 <= 6.80affected
SoftingOPC UA C++ SDK6.80.1unaffected
SoftingedgeConnector0 <= 2025.03affected
SoftingedgeConnectorSDEX Suite V1.0unaffected
SoftingedgeAggregator0 <= 2025.03affected
SoftingedgeAggregatorSDEX Suite V1.0unaffected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References