CVE-2025-71063 - Vulnerability Details - OpenCVE

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738
https://github.com/mrvladus/Errands/commit/04e567b432083fc798ea2249363ea6c83ff01099
https://github.com/mrvladus/Errands/compare/46.2.9...46.2.10
https://github.com/mrvladus/Errands/issues/401
https://github.com/mrvladus/Errands/releases/tag/46.2.10

History

Mon, 12 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 12 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
Weaknesses		CWE-295
References		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738 https://github.com/mrvladus/Errands/commit/04e567b432083fc798ea2249363ea6c83ff01099 https://github.com/mrvladus/Errands/compare/46.2.9...46.2.10 https://github.com/mrvladus/Errands/issues/401 https://github.com/mrvladus/Errands/releases/tag/46.2.10
Metrics		cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-01-12T15:56:26.913Z

Updated: 2026-01-12T16:26:36.720Z

Reserved: 2026-01-12T15:56:26.581Z

Link: CVE-2025-71063

Vulnrichment

Updated: 2026-01-12T16:26:20.572Z

NVD

Status : Received

Published: 2026-01-12T16:16:04.947

Modified: 2026-01-12T16:16:04.947

Link: CVE-2025-71063

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2025-71063", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-01-12T15:56:26.581Z", "datePublished": "2026-01-12T15:56:26.913Z", "dateUpdated": "2026-01-12T16:26:36.720Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Errands", "vendor": "mrvladus", "versions": [{"lessThan": "46.2.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Errands before 46.2.10 does not verify TLS certificates for CalDAV servers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-12T16:02:42.187Z"}, "references": [{"url": "https://github.com/mrvladus/Errands/issues/401"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738"}, {"url": "https://github.com/mrvladus/Errands/releases/tag/46.2.10"}, {"url": "https://github.com/mrvladus/Errands/commit/04e567b432083fc798ea2249363ea6c83ff01099"}, {"url": "https://github.com/mrvladus/Errands/compare/46.2.9...46.2.10"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T16:24:44.422950Z", "id": "CVE-2025-71063", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T16:26:36.720Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-71063", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-12T16:24:44.422950Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T16:26:20.572Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "mrvladus", "product": "Errands", "versions": [{"status": "affected", "version": "0", "lessThan": "46.2.10", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/mrvladus/Errands/issues/401"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738"}, {"url": "https://github.com/mrvladus/Errands/releases/tag/46.2.10"}, {"url": "https://github.com/mrvladus/Errands/commit/04e567b432083fc798ea2249363ea6c83ff01099"}, {"url": "https://github.com/mrvladus/Errands/compare/46.2.9...46.2.10"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "Errands before 46.2.10 does not verify TLS certificates for CalDAV servers."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-01-12T16:02:42.187Z"}}}, "cveMetadata": {"cveId": "CVE-2025-71063", "state": "PUBLISHED", "dateUpdated": "2026-01-12T16:26:36.720Z", "dateReserved": "2026-01-12T15:56:26.581Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-01-12T15:56:26.913Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}