CVE-2025-25305: Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
Problem: Potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries.
References
Detect and mitigate CVE-2025-25305 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →