Certificate Validation Vulnerability in RouterOS by MikroTik
CVE-2025-42611
6.5 MEDIUM
What is CVE-2025-42611?
RouterOS handles certificate validation improperly across multiple services. The flaw stems from shared trust in the system certificate store, which is used by several services, including OpenVPN, CAPsMAN, and Dot1X. Because certificate trust is not tied to an appropriate context, the flaw may lead to authentication bypass, allowing unauthorized access or data interception. System administrators should assess their configurations and apply patches or updates to mitigate the risks associated with this vulnerability.
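A simplified model of the trust-context problem described above, added here as an illustration and not taken from MikroTik or RouterOS code. The class names, CA names and the per-service scoping scheme are assumptions, and signature checking is left out so that the example isolates the trust-anchor decision.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # subject of the certificate that issued this one

@dataclass
class TrustStore:
    # anchor subject -> services the anchor was imported for (hypothetical scheme)
    anchors: dict = field(default_factory=dict)

    def add_anchor(self, subject, services):
        self.anchors[subject] = frozenset(services)

    def _anchor_for(self, cert, intermediates):
        """Follow issuer links to a trust anchor; None if the chain dead-ends or loops."""
        by_subject = {c.subject: c for c in intermediates}
        seen, current = set(), cert
        while current.issuer not in self.anchors:
            if current.issuer in seen or current.issuer not in by_subject:
                return None
            seen.add(current.issuer)
            current = by_subject[current.issuer]
        return current.issuer

    def validate_shared(self, cert, intermediates=()):
        """Weak form: any anchor in the store is accepted for any service."""
        return self._anchor_for(cert, intermediates) is not None

    def validate_scoped(self, cert, service, intermediates=()):
        """Hardened form: the anchor must have been trusted for this service."""
        anchor = self._anchor_for(cert, intermediates)
        return anchor is not None and service in self.anchors[anchor]

# Constructed sample data: two CAs imported for different purposes.
store = TrustStore()
store.add_anchor("CN=vpn-ca", {"openvpn"})
store.add_anchor("CN=wifi-ca", {"dot1x", "capsman"})
ap_cert = Cert("CN=ap-01", "CN=wifi-ca")  # issued for wireless, not VPN

def demo():
    return {
        "shared_openvpn": store.validate_shared(ap_cert),
        "scoped_openvpn": store.validate_scoped(ap_cert, "openvpn"),
        "scoped_capsman": store.validate_scoped(ap_cert, "capsman"),
    }

if __name__ == "__main__":
    print(demo())
```

With a shared store the wireless certificate passes as an OpenVPN peer; binding each anchor to the services it was imported for rejects it there while still accepting it for CAPsMAN.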
Affected Version(s)
RouterOS 0 <= 7.20.x
