CVE-2025-44964

LOW

BlueStacks v5.20 - Man-in-the-Middle via SSL Certificate Validation Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-44964. PoCs published by ddanielx86.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2025-44964, demonstrating improper SSL certificate validation in BlueStacks v5.20. The PoC includes tools for ARP spoofing, MITM proxy setup, and certificate generation to intercept and manipulate HTTPS traffic.

Description

A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-in-the-middle attack and obtain sensitive information.

Exploits (1)

nomisec WORKING POC
by ddanielx86 · poc
https://github.com/ddanielx86/CVE-2025-44964

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: BlueStacks v5.20
No auth needed
Prerequisites: adjacent network access · root privileges for ARP spoofing
devstral-2 · analyzed May 09, 2026

Scores

CVSS v3 3.9
EPSS 0.0011
EPSS Percentile 1.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-295
Status published
Products (1)
bluestacks/bluestacks 5.20
Published Aug 05, 2025
Tracked Since Feb 18, 2026