CVE-2025-14942
Unknown Unknown - Not Provided
Authentication Bypass and Password Leak in wolfSSH

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: wolfSSL Inc.

Description
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-05-07
AI Q&A
2026-01-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-14942
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wolfssl wolfssh 1.4.21
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in wolfSSH involves improper handling of out-of-order messages during the SSH handshake process. It allows manipulation of the key exchange state machine to leak the client's password in clear text, trick the client into sending a bogus signature, or skip user authentication. The issue arises because the client and server do not properly enforce the correct sequence of handshake messages, which can be exploited. The fix enforces strict message ordering and validation to prevent these attacks. [1]


How can this vulnerability impact me? :

This vulnerability can lead to serious security impacts including exposure of the client's password in clear text, unauthorized access by skipping user authentication, and acceptance of forged signatures. This compromises the confidentiality and integrity of the SSH connection, potentially allowing attackers to gain unauthorized access or intercept sensitive information. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for out-of-order or unexpected SSH handshake messages in wolfSSH client or server communications. Since the issue relates to improper message sequencing during the SSH handshake, network traffic analysis tools like Wireshark or tcpdump can be used to capture SSH handshake packets and inspect their order. However, there are no specific commands or signatures provided to detect exploitation attempts. Additionally, reviewing wolfSSH client or server logs for anomalies or handshake failures may help identify attempts to exploit this issue. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating wolfSSH to a version later than 1.4.21 that contains the patch fixing this vulnerability. Applying the official fix patch that enforces strict message ordering in the SSH handshake state machine is essential. It is also recommended to update any credentials used by wolfSSH clients and servers. While no specific attacks on server applications have been reported, applying the fix to both client and server implementations is advised to prevent exploitation. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart