← Back to CVEs
CVE-2025-11625
CRITICAL9.8
Description
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/21/2025
Last Modified12/4/2025
Sourcenvd
Honeypot Sightings0
Affected Products
wolfssh:wolfssh
Weaknesses (CWE)
CWE-287
References
https://github.com/wolfSSL/wolfssh/pull/840(facts@wolfssl.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.