Improper Certificate Validation in Comodo Internet Security Premium
CVE-2025-7095

6.3MEDIUM

Key Information:

Vendor

Comodo

Status
Internet Security Premium
Vendor
CVE Published:
6 July 2025

What is CVE-2025-7095?

A vulnerability has been identified in Comodo Internet Security Premium 12.3.4.8162, specifically affecting the Update Handler component. This issue allows for improper validation of certificates, which can expose the system to remote attacks. Despite the complexity of exploiting this vulnerability being high, the potential risks it poses are significant, highlighting the importance of timely updates and patches. Early warnings were provided to Comodo, but the lack of response raises concerns regarding user safety. Users are advised to stay informed about potential exploits and implement preventive measures.

Affected Version(s)

Internet Security Premium 12.3.4.8162

References

https://vuldb.com/?id.315009
vdb-entry
https://vuldb.com/?ctiid.315009
signaturepermissions-required
https://vuldb.com/?submit.603712
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

FPT IS Security (VulDB User)
.
CVE-2025-7095 : Improper Certificate Validation in Comodo Internet Security Premium