CVE-2025-59270 LOW

CVE-2025-59270: psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse

Vendor Pspete
Product psPAS
Weakness CWE-757
Published September 16, 2025
Last update September 30, 2025

CVSS base score

3.1/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade the connection to a deprecated TLS protocol version. Fixed in 7.0.209.
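A host-side check for this issue, as an added example that is not part of the CVE record or of psPAS itself: it reports whether each installed psPAS copy is at or above the fixed version 7.0.209 and whether the session's .NET protocol setting still allows deprecated protocols. The function name Test-PsPasTlsExposure is hypothetical, and the interim pin at the end assumes the SAML request honours ServicePointManager, as web requests do in Windows PowerShell 5.1.

```powershell
# Added example, not psPAS code. Test-PsPasTlsExposure is a hypothetical name.
$FixedVersion   = [version]'7.0.209'     # fixed release named in the advisory
$DeprecatedMask = 48 -bor 192 -bor 768   # SecurityProtocolType values: Ssl3, Tls (1.0), Tls11

function Test-PsPasTlsExposure {
    [CmdletBinding()]
    param([version]$MinimumVersion = $FixedVersion)

    # Session-wide .NET setting. 0 (SystemDefault) leaves the choice to OS/.NET defaults.
    $protocol = [Net.ServicePointManager]::SecurityProtocol
    $value    = [int]$protocol
    $sessionState = if ($value -eq 0) {
        'SystemDefault'
    } elseif ($value -band $DeprecatedMask) {
        'DeprecatedAllowed'
    } else {
        'Tls12OrLater'
    }

    $installed = @(Get-Module -ListAvailable -Name psPAS)
    if ($installed.Count -eq 0) {
        Write-Warning 'psPAS is not installed for this user or machine.'
        return
    }

    # One row per installed copy: old versions left on disk can still be imported.
    foreach ($module in $installed) {
        [pscustomobject]@{
            Version         = $module.Version
            Path            = $module.ModuleBase
            Patched         = $module.Version -ge $MinimumVersion
            SessionProtocol = $protocol
            SessionState    = $sessionState
        }
    }
}

$report = @(Test-PsPasTlsExposure)
$report | Format-Table -AutoSize

# Interim measure until the module is updated (assumption: the request path
# honours ServicePointManager, which holds for Windows PowerShell 5.1).
if ($report | Where-Object { -not $_.Patched }) {
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Write-Warning 'Unpatched psPAS found; session pinned to TLS 1.2. Update psPAS to 7.0.209 or later.'
}
```

The pin lasts only for the current session; updating the module to 7.0.209 or later is the fix the record names.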

Key dates

02 Disclosure timeline

September 16, 2025 CVE published
September 30, 2025 Record updated