CVE-2025-11624

Published Oct 21, 2025

Last updated 3 months ago

CVSS low 1.8

Overview

Description
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.
Source
facts@wolfssl.com
NVD status
Analyzed
Products
wolfssh

Risk scores

CVSS 4.0

Type
Secondary
Base score
1.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
LOW

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

facts@wolfssl.com
CWE-787

Social media

Hype score
Not currently trending

  1. 脆弱性の開示:wolfSSHにおけるスタックオーバーフローのおそれ (CVE-2025-11624): 影響を受けるユーザ v1.4.21以前のwolfSSHでSFTPサーバを使用しているユーザ 概要 wolfSS…続きを読む https://t.co/NlbM3xQeWm https://t.co/VpVFlkaUH

    @wolfSSL_Japan

    28 Jan 2026

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Vulnerability Disclosure: wolfSSH CVE-2025-11624 ⚠️ A stack overflow was found in wolfSSH SFTP servers < v1.4.21. Fixed in PR #834. Thanks to Stanislav Fort for responsibly reporting. Update to stay secure: https://t.co/JJkdfLqlHM #SecureShell #SSH

    @wolfSSL

    9 Jan 2026

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚀 wolfSSH 1.4.21 is here! This release includes critical security fixes (CVE-2025-11624 & CVE-2025-11625), TPM key authentication, ED25519 support, and improved interoperability. Upgrade today & see all the new features in our blog 🔗 https://t.co/KZ9wgBY8TB #secur

    @wolfSSL

    24 Oct 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-11624 Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor siz… https://t.co/4yLvhNyWfy

    @CVEnew

    21 Oct 2025

    312 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.CVE-2025-14942
  2. A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.CVE-2025-15382
  3. Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.CVE-2025-11625
  4. A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access. CVE-2024-2873

References

Sources include official advisories and independent security research.