CVE-2025-12888 — Vulnetix

CVE-2025-12888 PUBLISHED CVSS 1 LOW

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa.

EPSS 0.02% · 3.1th percentile

Risk Scores

CVSS v4.0

CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS Score

0.02%

3.1th percentile

Affected Products

Vendor	Product	Versions
wolfssl	wolfssl	5.8.2
wolfSSL	wolfSSL	0

Timeline

Nov 7, 2025 CVE ID Reserved
Nov 21, 2025 CVE Published
Nov 22, 2025 EPSS Score
Nov 22, 2025 Coalition ESS Score
Nov 25, 2025 Coalition ESS Score
Nov 26, 2025 Coalition ESS Score
Nov 27, 2025 EPSS Score
Nov 27, 2025 Coalition ESS Score
Dec 2, 2025 EPSS Score
Dec 3, 2025 Coalition ESS Score
Dec 4, 2025 Coalition ESS Score
Dec 5, 2025 Coalition ESS Score

References

https://https://github.com/wolfSSL/wolfssl/pull/9275 url
https://nvd.nist.gov/vuln/detail/CVE-2025-12888 advisory

Open in Interactive Console →