Cyber Posture

CVE-2025-65753

High

Published: 17 February 2026

Published
17 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65753 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Gryphon (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 8.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-19 Component Authenticity
addresses: CWE-295

When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

SC-17 Public Key Infrastructure Certificates
addresses: CWE-295

Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.

SC-45 System Time Synchronization
addresses: CWE-295

Correct system time is required for proper enforcement of certificate notBefore/notAfter dates and time-based revocation checks.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Improper certificate validation (CWE-295) in public-facing TLS service directly enables remote exploitation for RCE as root.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.

Deeper analysisAI

CVE-2025-65753 is a vulnerability in the TLS certification mechanism of Guardian Gryphon version v01.06.0006.22. Published on 2026-02-17, it is classified under CWE-295 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The flaw enables attackers to execute commands as root on affected systems.

Remote attackers require no privileges to target this vulnerability over the network, but exploitation demands high attack complexity and user interaction. Successful attacks allow arbitrary command execution with root privileges, resulting in high impacts to confidentiality, integrity, and availability.

Advisories and further details, including potential mitigations or patches, are referenced at http://gryphon.com and https://github.com/diegovargasj/CVE-2025-65753.

Details

CWE(s)
CWE-295

Affected Products

Gryphon
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-23776Shared CWE-295
CVE-2025-46070Shared CWE-295
CVE-2026-21228Shared CWE-295
CVE-2024-43107Shared CWE-295
CVE-2026-4740Shared CWE-295
CVE-2026-34580Shared CWE-295
CVE-2025-68121Shared CWE-295
CVE-2025-30278Shared CWE-295
CVE-2026-5501Shared CWE-295
CVE-2026-20184Shared CWE-295

References