Cyber Posture

CVE-2025-67229

Severity: Critical
Published: 23 January 2026
Modified: 29 January 2026
KEV Added: not listed
Patch: available (see vendor advisory)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (3.5th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-67229 is a critical-severity Improper Certificate Validation (CWE-295) vulnerability in ToDesktop Builder. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). EPSS ranks it at the 3.5th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- SC-17 Public Key Infrastructure Certificates (prevent): Directly mandates requirements for PKI certificates and prohibits improper types, addressing the insufficient certificate validation that enables on-path spoofing of backend responses.

- SC-8 Transmission Confidentiality and Integrity (prevent): Requires cryptographic protection of transmission confidentiality and integrity, mitigating man-in-the-middle attacks exploiting improper certificate validation in ToDesktop Builder.

- Flaw remediation (prevent): Ensures timely identification, reporting, and correction of flaws like CVE-2025-67229 through patching as specified in the vendor security advisory.

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) directly enables on-path interception and spoofing of backend responses, mapping to Adversary-in-the-Middle.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1. This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

Deeper analysis

CVE-2025-67229 is an improper certificate validation vulnerability (CWE-295) in ToDesktop Builder version 0.32.1. The flaw stems from insufficient certificate validation, enabling an on-path attacker to intercept and manipulate communications. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity because it is reachable over the network, has low attack complexity, and requires neither privileges nor user interaction.

An unauthenticated, on-path attacker can exploit this vulnerability to spoof backend responses. By positioning themselves between the affected ToDesktop Builder instance and its backend servers, the attacker can impersonate legitimate endpoints without needing privileges or user interaction, potentially leading to high-impact compromise of confidentiality, integrity, and availability.

Mitigation details are available in ToDesktop's security advisory TDSA-2025-001 at https://www.todesktop.com/security/advisories/TDSA-2025-001 and changelog at https://www.todesktop.com/changelog. Security practitioners should consult these resources for patching instructions and workarounds specific to version 0.32.1.

Details

CWE(s): CWE-295 Improper Certificate Validation

Affected Products: todesktop builder ≤ 0.32.1

CVEs Like This One

- CVE-2025-67230: same product (ToDesktop Builder)
- CVE-2025-1193: shared CWE-295
- CVE-2025-46788: shared CWE-295
- CVE-2026-33810: shared CWE-295
- CVE-2026-32627: shared CWE-295
- CVE-2024-55581: shared CWE-295
- CVE-2025-11043: shared CWE-295
- CVE-2026-4434: shared CWE-295
- CVE-2026-25160: shared CWE-295
- CVE-2025-0500: shared CWE-295
