CVE-2025-2028 MEDIUM

CVE-2025-2028: Lack of TLS validation

Vendor Checkpoint

Product Check Point Management Log Server

Weakness CWE-295

Published August 6, 2025

Last update August 6, 2025

CVSS base score

6.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs

Key dates

August 6, 2025 CVE published

August 6, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2025-2028

CWE CWE-295

CVSS 6.5 / MEDIUM

Vendor Checkpoint

Product Check Point Management Log Server

Affected versions R81.10, R81.20, R82