
CVE-2025-59353: CWE-295: Improper Certificate Validation in dragonflyoss dragonfly

Severity: High
Type: Vulnerability
Tags: CVE-2025-59353, CWE-295, CWE-862
Published: Wed Sep 17 2025 (09/17/2025, 19:53:36 UTC)
Source: CVE Database V5
Vendor/Project: dragonflyoss
Product: dragonfly

Description

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the peer connects from the same IP address as the one provided in the certificate request. This vulnerability is fixed in 2.1.0.

AI-Powered Analysis

AI analysis last updated: 09/18/2025, 00:13:31 UTC

Technical Analysis

CVE-2025-59353 is a high-severity vulnerability affecting versions of the open-source Dragonfly P2P-based file distribution and image acceleration system prior to 2.1.0. The core issue lies in improper certificate validation within the Manager’s Certificate gRPC service. Specifically, the service issues TLS certificates to peers without verifying that the IP addresses requested in the certificate actually belong to the requesting peer. This flaw allows a malicious peer to obtain a valid TLS certificate for arbitrary IP addresses, effectively bypassing mutual TLS (mTLS) authentication mechanisms designed to ensure that peers are who they claim to be. Since mTLS is critical for establishing trust and secure communication between peers in distributed systems, this vulnerability undermines the integrity and confidentiality of the network. The vulnerability is classified under CWE-295 (Improper Certificate Validation) and CWE-862 (Missing Authorization), indicating a failure to properly authorize certificate requests based on the requester’s identity and network context. The vulnerability has a CVSS 4.0 base score of 7.7, reflecting its network attack vector, low complexity, no required privileges or user interaction, and a high impact on integrity. While no known exploits are currently reported in the wild, the flaw’s nature makes it a significant risk for environments relying on Dragonfly for secure file distribution. The issue was addressed in Dragonfly version 2.1.0 by implementing proper validation to ensure that the IP addresses in certificate requests correspond to the actual IP address of the requesting peer, restoring the effectiveness of mTLS authentication.
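As an added illustration, not Dragonfly's own code, the Go function below shows the class of check the 2.1.0 fix describes: each IP address a peer asks to have in its certificate is compared against the address the peer actually connected from, and the request is refused on any mismatch. The function name, the error value and the sample addresses are assumptions; in a real gRPC handler the remote address would be read from the request context rather than passed in.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// ErrIPMismatch marks a request for an IP SAN the caller does not own.
var ErrIPMismatch = errors.New("requested IP does not match peer address")

// peerIP extracts the IP from a remote address such as "10.0.0.5:43210" or
// "[fd00::5]:43210". In a gRPC handler this string would come from
// peer.FromContext(ctx) and its Addr.String(); here it is passed in directly.
func peerIP(remoteAddr string) (net.IP, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return nil, fmt.Errorf("bad remote address %q: %w", remoteAddr, err)
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return nil, fmt.Errorf("remote address %q is not an IP", remoteAddr)
	}
	return ip, nil
}

// ValidateRequestedIPs (hypothetical name) applies the check the 2.1.0 fix
// describes: every IP the peer asks to have in its certificate must equal the
// address the peer connected from. Anything else is refused, and the returned
// error carries the offending value so the service can log it.
func ValidateRequestedIPs(remoteAddr string, requested []string) error {
	caller, err := peerIP(remoteAddr)
	if err != nil {
		return err
	}
	if len(requested) == 0 {
		return errors.New("certificate request carries no IP addresses")
	}
	for _, s := range requested {
		ip := net.ParseIP(s)
		if ip == nil {
			return fmt.Errorf("requested SAN %q is not a valid IP", s)
		}
		// net.IP.Equal treats 10.0.0.5 and ::ffff:10.0.0.5 as the same address,
		// so re-encoding the caller's own IP neither helps nor hurts the check.
		if !ip.Equal(caller) {
			return fmt.Errorf("%w: %s requested from %s", ErrIPMismatch, s, caller)
		}
	}
	return nil
}
```

Binding the certificate to the observed source address is only as strong as that address: peers behind one shared NAT address all pass for it, so the check complements rather than replaces network segmentation of the Manager service.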

Potential Impact

For European organizations using Dragonfly versions prior to 2.1.0, this vulnerability poses a serious risk to the confidentiality and integrity of distributed file transfers and image acceleration workflows. An attacker exploiting this flaw could impersonate legitimate peers by obtaining valid TLS certificates for arbitrary IP addresses, enabling man-in-the-middle attacks, unauthorized data access, or injection of malicious content into the distribution network. This could lead to data breaches, disruption of critical software delivery pipelines, and compromise of internal infrastructure. Given the increasing adoption of P2P and container image acceleration technologies in cloud-native and edge computing environments across Europe, the vulnerability could affect sectors such as finance, healthcare, telecommunications, and government agencies that rely on secure and efficient software distribution. The missing authorization check in the certificate issuance process also increases the risk of lateral movement within networks once an attacker has a foothold. Although no active exploits are known, the ease of exploitation and the critical role of mTLS in securing peer communications make timely patching essential to prevent potential attacks.

Mitigation Recommendations

European organizations should immediately assess their use of Dragonfly and identify any deployments running versions prior to 2.1.0. The primary mitigation is to upgrade all affected Dragonfly instances to version 2.1.0 or later, where the certificate validation flaw is fixed. Until upgrades can be completed, organizations should consider implementing network-level controls to restrict access to the Manager’s Certificate gRPC service, such as IP whitelisting, firewall rules, or VPN segmentation, to limit certificate requests to trusted peers only. Additionally, monitoring and logging of certificate issuance requests should be enhanced to detect anomalous or unauthorized requests for certificates with unexpected IP addresses. Organizations should also review their mTLS configurations and ensure that other layers of authentication and authorization are in place to reduce reliance on certificate validation alone. Finally, incorporating threat hunting for signs of man-in-the-middle or impersonation attacks within Dragonfly networks can help detect exploitation attempts early.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-12T12:36:24.637Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cb4e06e5fa2c8b1490b384

Added to database: 9/18/2025, 12:10:46 AM

Last enriched: 9/18/2025, 12:13:31 AM

Last updated: 9/18/2025, 1:55:25 AM
