Cyber Resilience

CVE-2025-65753

High

Published: 17 February 2026

Published
17 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65753 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Gryphon (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-65753 is a vulnerability in the TLS certification mechanism of Guardian Gryphon version v01.06.0006.22. Published on 2026-02-17, it is classified under CWE-295 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The flaw enables attackers to execute commands as root on affected systems.

Remote attackers require no privileges to target this vulnerability over the network, but exploitation demands high attack complexity and user interaction. Successful attacks allow arbitrary command execution with root privileges, resulting in high impacts to confidentiality, integrity, and availability.

Advisories and further details, including potential mitigations or patches, are referenced at http://gryphon.com and https://github.com/diegovargasj/CVE-2025-65753.

EU & UK References

Vulnerability details

An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Improper certificate validation (CWE-295) in public-facing TLS service directly enables remote exploitation for RCE as root.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23776Shared CWE-295
CVE-2026-21228Shared CWE-295
CVE-2025-46070Shared CWE-295
CVE-2026-5787Shared CWE-295
CVE-2026-4740Shared CWE-295
CVE-2024-41334Shared CWE-295
CVE-2024-43107Shared CWE-295
CVE-2024-40702Shared CWE-295
CVE-2026-7821Shared CWE-295
CVE-2025-30277Shared CWE-295

Affected Assets

Gryphon
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of PKI certificates by constructing certification paths to trust anchors, addressing the improper TLS certification mechanism flaw.

prevent

Mandates timely flaw remediation including patching the specific vulnerability in Guardian Gryphon's TLS certification mechanism to prevent root command execution.

detect

Facilitates detection of the CVE-2025-65753 vulnerability through regular scanning, enabling proactive mitigation of the TLS certification issue.

References