CVE-2025-43918 Information

Description

SSL.com before 2025-04-19 when domain validation method 3.2.2.4.14 is used processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester’s email address even when the requester does not otherwise establish administrative control of that domain.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1961406 https://news.ycombinator.com/item?id=43738485