Server Certificate Validation Flaw in Altium Designer by Altium
CVE-2025-27377
5.3 MEDIUM
What is CVE-2025-27377?
Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. This enables attackers to conduct man-in-the-middle (MITM) attacks, intercepting or manipulating communication between the client and server. As a result, sensitive information such as authentication credentials and proprietary design data may be exposed to unauthorized parties, a significant risk for users who rely on secure cloud interactions.
Affected Version(s)
Altium Designer Web 24.9 <= 25.1
