VDB

CVE-2025-11934

CVE-2025-11934 PUBLISHED CVSS 2.0999999046325684 LOW

Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256.

EPSS 0.02% · 5.1th percentile

Risk Scores

CVSS v4.0
2.0999999046325684
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
EPSS Score
0.02%
5.1th percentile

Affected Products

VendorProductVersions
wolfSSLwolfSSL3.12.0
wolfsslwolfssl5.8.2

Timeline

  • Jan 21, 1970 Fix PR Merged
  • Oct 17, 2025 CVE ID Reserved
  • Nov 21, 2025 CVE Published
  • Nov 21, 2025 PoC Published
  • Nov 22, 2025 EPSS Score
  • Nov 22, 2025 Coalition ESS Score
  • Nov 27, 2025 EPSS Score
  • Dec 2, 2025 EPSS Score
  • Dec 4, 2025 Coalition ESS Score
  • Dec 5, 2025 Coalition ESS Score
  • Dec 6, 2025 EPSS Score
  • Dec 8, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›