CVE-2025-11935
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-03
Assigner: wolfSSL Inc.
Description
Description
With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when aΒ server responded to a ClientHello containing psk_dhe_ke without a key_share extension.Β The re-use of an authenticated PSK connection that on the clients side unexpectedly did not have PFS, reduces the security of the connection.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | From 5.8.2 (inc) to 5.8.4 (exc) |
| apple | macos | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
