Post from 2025-02-12 19:06:00
Updates get MitM'd by middleboxes (using shitty certs) all the time. This is why update packages are digitally signed and why many vendors simply use plain HTTP for delivery.
Yet for some reason Crowd Strike marked this as high severity with a CVSS vector indicating MitM -> full system compromise...
CVE-2025-1146