jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-07-23 17:27:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2025-25305 (#37529)

Browse Source
This commit is contained in:
Martin Hjelmare 2025-02-18 16:28:04 +01:00 committed by GitHub
parent 7d9207ebd7
commit 066d780858
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source/security/index.markdown
View File

@ -62,6 +62,13 @@ As an open source project, Home Assistant cannot offer bounties for security vul
The following is a list of past security advisories that have been published by the Home Assistant project.
**2025-02-18: SSL validation for outgoing requests in core and used libs not correct**
Severity: _High (CVSS: 3.1)_
Detailed information: _[Security advisory](https://github.com/home-assistant/core/security/advisories/GHSA-m3pm-rpgg-5wj6)_
Assigned CVE: _[CVE-2025-25305](https://nvd.nist.gov/vuln/detail/CVE-2025-25305)_
Discovered by: _[ReneNulschDE](https://github.com/ReneNulschDE)_
Fixed in: _Home Assistant Core 2024.1.6_
**2023-12-14: User accounts disclosed to unauthenticated actors on the LAN**
Severity: _Moderate (CVSS: 4.2)_
Detailed information: _[Security advisory](https://github.com/home-assistant/core/security/advisories/GHSA-jqpc-rc7g-vf83)_