Vulnerabilities ›

CVE-2025-71063

High

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

CWE-295 — Weakness Type

                    Published: Jan 12, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

8.2

🔗 NVD Official

📄 Description (English)

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.

🤖 AI Executive Summary

Errands versions before 46.2.10 fail to verify TLS certificates when connecting to CalDAV servers, enabling man-in-the-middle (MITM) attacks. An attacker can intercept calendar data, credentials, and sensitive scheduling information without detection. This vulnerability affects organizations using Errands for calendar management and synchronization with enterprise CalDAV infrastructure.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 25, 2026 20:18

🇸🇦 Saudi Arabia Impact Assessment

Saudi government agencies, banking sector (SAMA-regulated institutions), and healthcare organizations using Errands for calendar synchronization face significant risk of credential theft and sensitive meeting information disclosure. Telecom operators (STC, Mobily) and energy sector organizations relying on CalDAV integration are vulnerable to MITM attacks on internal scheduling systems. The vulnerability is particularly critical for organizations on shared networks or using cloud-based CalDAV services without additional encryption layers.

🏢 Affected Saudi Sectors

Government and Public Administration Banking and Financial Services Healthcare Energy and Utilities Telecommunications Education

🎯 MITRE ATT&CK Techniques

T1557.002 - Adversary-in-the-Middle: HTTPS Interception T1040 - Traffic Redirection T1187 - Forced Authentication T1056.004 - Monitoring - Network Traffic

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE: Upgrade Errands to version 46.2.10 or later across all affected systems

2. PATCHING: Deploy patches through your software management system with priority scheduling

3. DETECTION: Monitor network traffic for unencrypted CalDAV connections (port 80, 8008) and certificate validation errors in application logs

4. COMPENSATING CONTROLS: Until patching is complete, enforce TLS 1.2+ at network level, use VPN/TLS tunneling for CalDAV connections, implement certificate pinning at firewall level

5. CREDENTIAL ROTATION: Reset passwords for accounts used with Errands CalDAV connections

6. AUDIT: Review CalDAV connection logs for suspicious activity during the vulnerability window

7. DETECTION RULES: Alert on CalDAV connections without valid certificate verification, monitor for certificate warnings in Errands logs

🔧 خطوات المعالجة (العربية)

1. فوري: ترقية Errands إلى الإصدار 46.2.10 أو أحدث عبر جميع الأنظمة المتأثرة

2. التصحيح: نشر التصحيحات من خلال نظام إدارة البرامج مع جدولة الأولويات

3. الكشف: مراقبة حركة المرور على الشبكة للاتصالات CalDAV غير المشفرة (المنفذ 80، 8008) وأخطاء التحقق من الشهادات في سجلات التطبيق

4. الضوابط البديلة: حتى اكتمال التصحيح، فرض TLS 1.2+ على مستوى الشبكة، استخدام نفق VPN/TLS لاتصالات CalDAV، تنفيذ تثبيت الشهادة على مستوى جدار الحماية

5. تدوير بيانات الاعتماد: إعادة تعيين كلمات المرور للحسابات المستخدمة مع اتصالات Errands CalDAV

6. التدقيق: مراجعة سجلات اتصال CalDAV للنشاط المريب خلال نافذة الثغرة

7. قواعد الكشف: تنبيهات على اتصالات CalDAV بدون التحقق الصحيح من الشهادة، مراقبة تحذيرات الشهادات في سجلات Errands

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.10.1 - Cryptography and encryption controls ECC 2024 A.13.1 - Network security and TLS implementation ECC 2024 A.14.2 - Secure development and certificate validation

🔵 SAMA CSF

SAMA CSF ID.BE-1 - Information security governance SAMA CSF PR.DS-2 - Data security and encryption SAMA CSF DE.CM-1 - Detection and monitoring of anomalies

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Encryption and cryptography ISO 27001:2022 A.8.3 - Cryptographic controls ISO 27001:2022 A.8.24 - Use of cryptography

🟣 PCI DSS v4.0.1

PCI DSS 4.1 - Strong cryptography for data in transit PCI DSS 6.5.10 - Broken authentication and session management

🔗 References & Sources 5

🔗

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738

cve@mitre.org

Third Party Advisory Mailing List

🔗

https://github.com/mrvladus/Errands/commit/04e567b432083fc798ea2249363ea6c83ff01099

cve@mitre.org

Patch

🔗

https://github.com/mrvladus/Errands/compare/46.2.9...46.2.10

cve@mitre.org

Patch

🔗

https://github.com/mrvladus/Errands/issues/401

cve@mitre.org

Issue Tracking

🔗

https://github.com/mrvladus/Errands/releases/tag/46.2.10

cve@mitre.org

Release Notes

📦 Affected Products / CPE 1 entries

mrvladus:errands

📊 CVSS Score

8.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Attack VectorA — Adjacent

Attack ComplexityH — High

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score8.2

CWECWE-295

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-01-12

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-295

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-71063

💬 Comments

Introduce Yourself

Sign In Required