VYPR

CWE-298

Improper Validation of Certificate Expiration

VariantDraftLikelihood: Low

Description

A certificate expiration is not validated or is incorrectly validated.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (5)

  • CVE-2025-61736HigDec 17, 2025
    risk 0.46cvss epss 0.00

    Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.

  • CVE-2025-4384MedMay 6, 2025
    risk 0.39cvss epss 0.00

    The MQTT add-on of PcVue fails to verify that a remote device’s certificate has not already expired or has not yet become valid. This allows malicious devices to present certificates that are not rejected properly. The use of a client certificate reduces the risk for random…

  • CVE-2025-59036MedSep 9, 2025
    risk 0.29cvss 5.5epss 0.00

    Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an…

  • CVE-2023-42446Sep 18, 2023
    risk 0.00cvss epss 0.00

    Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on…

  • CVE-2022-31145Jul 13, 2022
    risk 0.00cvss epss 0.01

    FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. In versions 1.1.30 and prior, authenticated users using an external identity provider can continue to use Access Tokens and ID Tokens even after they expire. Users…