CVE-2025-11625

Published Oct 21, 2025

Last updated 3 months ago

CVSS critical 9.4

Overview

Description
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.
Source
facts@wolfssl.com
NVD status
Analyzed
Products
wolfssh

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.4
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

facts@wolfssl.com
CWE-287

Social media

Hype score
Not currently trending

  1. 🚀 wolfSSH 1.4.21 is here! This release includes critical security fixes (CVE-2025-11624 & CVE-2025-11625), TPM key authentication, ED25519 support, and improved interoperability. Upgrade today & see all the new features in our blog 🔗 https://t.co/KZ9wgBY8TB #secur

    @wolfSSL

    24 Oct 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-11625 Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials. https://t.co/dNoahonMuX

    @CVEnew

    21 Oct 2025

    305 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-11625: CRITICAL] Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.#cve,CVE-2025-11625,#cybersecurity https://t.co/PLv4BW479p https://t.co/nMtMLJiPNQ

    @CveFindCom

    21 Oct 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.CVE-2025-14942
  2. A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.CVE-2025-15382
  3. Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.CVE-2025-11624
  4. A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access. CVE-2024-2873

References

Sources include official advisories and independent security research.