VDB
CVE-2025-11931
CVE-2025-11931
PUBLISHED
CVSS 2.0999999046325684 LOW
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application.
EPSS 0.03% · 7.5th percentile
Risk Scores
CVSS v4.0
2.0999999046325684
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS Score
0.03%
7.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| wolfSSL | wolfSSL | 0 |
| wolfssl | wolfssl | 5.8.4 |
Timeline
- Jan 21, 1970 Fix PR Merged
- Oct 17, 2025 CVE ID Reserved
- Nov 21, 2025 CVE Published
- Nov 22, 2025 EPSS Score
- Nov 22, 2025 Coalition ESS Score
- Nov 27, 2025 EPSS Score
- Dec 2, 2025 EPSS Score
- Dec 6, 2025 EPSS Score
- Dec 8, 2025 CVE Updated
- Dec 11, 2025 EPSS Score
- Dec 16, 2025 EPSS Score
- Dec 19, 2025 Coalition ESS Score