CVE-2025-7095

LOW

Comodo Internet Security - Authentication Bypass

Title source: rule

Description

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.315009

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.315009

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.603712

[Exploit, Third Party Advisory] https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view?usp=sharing

[Exploit, Third Party Advisory] https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view

Scores

CVSS v3 3.7

EPSS 0.0005

EPSS Percentile 15.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-295 CWE-287

Status published

Products (1)

comodo/internet_security 12.3.4.8162

Published Jul 06, 2025

Tracked Since Feb 18, 2026