Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.4
jxcore jxm: Unsecured HTTPS Connections Possible with Invalid Certificates
CVE-2025-70045
Summary
The jxcore jxm master application fails to properly check the security of HTTPS connections, potentially allowing malicious servers to be accepted as trusted. This could allow an attacker to intercept sensitive information. Update the application to ensure proper certificate validation is enabled.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jxcore | jxm | All versions | – |
Original title
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false i...
Original description
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true
nvd CVSS3.1
7.4
Vulnerability type
CWE-295
Improper Certificate Validation
- https://gist.github.com/zcxlighthouse/bd5852a409c97438016f2c476f8461d9 Third Party Advisory
- https://github.com/jxcore Product
- https://github.com/jxcore/jxm Product
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026