GoSign Desktop, subject of this advisory, is the on-premise version released for Microsoft Windows, Linux Ubuntu, and Apple macOS. DESCRIPTION We have identified a critical vulnerability in the GoSign Desktop software, developed by Tinexta InfoCert. 2.2) Privilege Escalation A second exploitation vector involves the preliminary compromise of the unprivileged user account running GoSign Desktop. WORKAROUND Fix in GoSign Desktop 2.4.1 In version 2.4.1 of GoSign Desktop, released on 2025-11-04, a fix was introduced to verify the digital signature of the update manifest. However, the lack of TLS certificate validation when the application is configured to use a proxy remains unaddressed.