How serious is CVE-2025-40896?

This vulnerability has a CVSS score of 6.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2025-40896?

Yes, proof-of-concept exploit code for CVE-2025-40896 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2025-40896?

CVE-2025-40896 affects nozominetworks arc. Check the full CVE details for specific version information.

How do I fix CVE-2025-40896?

To remediate CVE-2025-40896, check for security patches from nozominetworks. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-40896

Medium

|6.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker could intercept and manipulate the communication between an Arc agent and its server, allowing them to steal sensitive information or send false data. This vulnerability occurs because the server's identity isn't properly verified when the Arc agent connects, making it easier for the attacker to impersonate the server.

Technical Description

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc agent and the Guardian or CMC. This could result in theft of the client token and sensitive information (such as assets and alerts), impersonation of the server, or injection of spoofed data (such as false asset information or vulnerabilities) into the Guardian or CMC.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$897($500-$1K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 4, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

nozominetworks

Product

arc

Related Vulnerabilities

CVE-2025-40895Low

This vulnerability allows a malicious user with admin access to a connected Guardian to inject harmful HTML into the CMC's Sensor Map feature, which could trick other users into clicking on phishing links. However, this can only happen if the Sensor Map is enabled, and the attack is limited because existing security measures prevent more serious exploits like full account takeover or data theft.

CVE-2025-40894Low

This vulnerability allows a malicious user with the right permissions to inject harmful HTML into a node label, which could then be displayed to other users in the Alerted Nodes Dashboard. While the risk of full exploitation is limited by existing security measures, it could still lead to phishing attempts or redirecting users to malicious sites if they interact with the affected alerts.