CVE Catalog

CVE-2025-56231

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile - higher than 13% of all known CVEs

Summary

Tonec Internet Download Manager 6.42.41.1 and earlier fails to validate SSL certificates, allowing attackers to bypass update protections.

Risk Assessment

An attacker can intercept and replace software updates, installing malware instead of legitimate patches, leading to system compromise.

Recommendation

Immediately update Internet Download Manager to the latest available version that includes the SSL certificate validation fix.

Original NVD description (English source)

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS