CVE-2025-11934
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-03
Assigner: wolfSSL Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | From 5.8.2 (inc) to 5.8.4 (exc) |
| apple | macos | * |
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation issue in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL version 5.8.2 and earlier. It allows an attacker to downgrade the signature algorithm used during the TLS handshake. For example, if a client supports ECDSA P521 but the server responds with ECDSA P256, the connection will continue using the weaker ECDSA P256 algorithm, potentially reducing the security of the connection.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to force the use of a weaker signature algorithm during the TLS handshake, which may reduce the overall security of the encrypted connection. This downgrade could make it easier for an attacker to compromise the integrity or authenticity of the communication.
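The validation whose absence is described above, as an added C example (not wolfSSL's code or its fix): RFC 8446 expects the signature scheme in a server's CertificateVerify to be one the client offered in its signature_algorithms extension, so a receiver should reject any other scheme before verifying the signature. The helper name, result codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum cv_result { CV_OK = 0, CV_MALFORMED = -1, CV_NOT_OFFERED = -2 };

/* Constructed sample: client offers only ecdsa_secp521r1_sha512 (0x0603). */
static const uint8_t OFFERED[] = { 0x00, 0x02, 0x06, 0x03 };
/* Constructed CertificateVerify bodies (P-256 = 0x0403), 2-byte dummy signature. */
static const uint8_t CV_P256[] = { 0x04, 0x03, 0x00, 0x02, 0xAA, 0xBB };
static const uint8_t CV_P521[] = { 0x06, 0x03, 0x00, 0x02, 0xAA, 0xBB };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper (not a wolfSSL API): checks that the scheme in a
 * CertificateVerify body was listed in the signature_algorithms
 * extension_data the client sent. Both buffers are raw wire bytes. */
static enum cv_result check_cert_verify_scheme(const uint8_t *offered, size_t offered_len,
                                               const uint8_t *cv, size_t cv_len)
{
    size_t list_len, i;

    /* extension_data: uint16 list length, then 2-byte SignatureScheme values */
    if (offered_len < 2) return CV_MALFORMED;
    list_len = rd16(offered);
    if (list_len == 0 || list_len % 2 != 0 || list_len != offered_len - 2)
        return CV_MALFORMED;

    /* CertificateVerify: uint16 scheme, uint16 signature length, signature */
    if (cv_len < 4 || (size_t)rd16(cv + 2) != cv_len - 4) return CV_MALFORMED;

    for (i = 0; i < list_len; i += 2)
        if (rd16(offered + 2 + i) == rd16(cv))
            return CV_OK;      /* offered by the client: go on to verify the signature */
    return CV_NOT_OFFERED;     /* never offered: abort instead of continuing */
}

int main(void)
{
    printf("P-256 reply: %d\n", (int)check_cert_verify_scheme(
        OFFERED, sizeof OFFERED, CV_P256, sizeof CV_P256));
    printf("P-521 reply: %d\n", (int)check_cert_verify_scheme(
        OFFERED, sizeof OFFERED, CV_P521, sizeof CV_P521));
    return 0;
}
```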