CVE-2025-11625

Host verification bypass and credential leak

CVSS 9.4 CRITICALEPSS 0.4%CWE-287

In short

wolfSSH clients before version 1.4.21 fail to properly verify the server's identity, allowing attackers to impersonate legitimate servers and steal user credentials during SSH connections.

Technical detail

CWE-287 improper authentication in wolfSSH versions ≤1.4.20 enables man-in-the-middle attacks where clients skip or inadequately validate host keys, leading to credential compromise. The vulnerability affects SSH client implementations that rely on this library without proper certificate pinning or host key verification.

Summary generated and translated by AI from the official description.

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/U:Red

Affected products

wolfSSL · wolfSSH

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/wolfSSL/wolfssh/pull/840