CVE-2025-12889
BaseFortify
Publication date: 2025-11-22
Last updated on: 2025-12-04
Assigner: wolfSSL Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wolfssl | wolfssl | 5.8.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows a client using TLS 1.2 connections to select any digest algorithm, including weaker ones that are supported, instead of being restricted to the stronger digests specified in the CertificateRequest. This means the client can downgrade the digest algorithm to a less secure option during the TLS handshake.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker could potentially exploit the use of weaker digest algorithms during TLS 1.2 connections, which may reduce the overall security of the encrypted communication. This could lead to increased risk of cryptographic attacks such as forgery or interception of data, compromising confidentiality and integrity.