Summary
| Impact of Vulnerability | Improper SSL Certificate Validation |
| CVE Numbers | CVE‑2025‑44964 |
| Severity Rating | Low |
| CVSS v3 Base / Temporal Scores: | 3.9 |
| Recommendations | Update to the latest version of BlueStacks |
| Affected Versions | Any |
| Location of Updated Software | https://www.bluestacks.com/download.html |
Description
One of BlueStacks’ backend APIs did not properly validate SSL certificates, which could have made it possible — though very unlikely. We've fixed this right away to keep your data safe.
Remediation
We have implemented proper SSL certificate validation for the affected backend API. This fix has been applied across all supported versions.
CVSS Scoring
| Base Score | 3.9 |
| Attack Vector (AV) | Network (N) |
| Attack Complexity (AC) | High (H) |
| Attack Requirements (AT) | None (N) |
| Privileges Required (PR) | None (N) |
| User Interaction (UI) | None (N) |
| Confidentiality (C) | Low (L) |
| Integrity (I) | None (N) |
| Availability (A) | None (N) |
https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Thank you for choosing BlueStacks. We hope you enjoy using it. Happy Gaming!