Server Certificate Verification Flaw in Arc Agent Affecting Guardian or CMC
CVE-2025-40896

6.3MEDIUM

Key Information:

Vendor: Nozomi Networks
Status: Arc
Vendor: CVE Published:; 4 March 2026

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2025-40896?

A significant flaw exists in the Arc agent's server certificate validation process when connecting to the Guardian or CMC, allowing a malicious actor to potentially conduct a man-in-the-middle attack. This vulnerability can enable the interception of sensitive communication between the Arc agent and the Guardian or CMC. Attackers could hijack client tokens and gain access to private data, which may include asset details and alerts. Furthermore, there is a risk of server impersonation, leading to the injection of misleading information into the system, such as fraudulent asset data or erroneous vulnerability reporting.

Affected Version(s)

Arc 0 < 2.2.0

References

https://security.nozominetworks.com/NN-2025:18-01

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

This issue was found by Felix Eberstaller of Limes Security during a VAPT testing session commissioned by one of our customers.

CVE-2025-40896 Data

JSON