CVE-2025-12889Improper Input Validation in Wolfssl

CWE-20Improper Input Validation5 documents5 sources
Severity
2.3LOWNVD
EPSS
0.0%
top 96.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WolfsslDebian WolfsslMsrc Azl3 Mariadb 10.11.11-1 ON Azure Linux 3.0+1 more
Timeline
PublishedNov 22

Description

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Packages6 packages

debiandebian/wolfssl< wolfssl 5.8.4-1 (forky)
CVEListV5wolfssl/wolfssl< 5.8.4
Debianwolfssl/wolfssl< 5.8.4-1
NVDwolfssl/wolfssl5.8.4

Patches

Patch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-6wfx-6f8c-8wg4: With TLS 12025-11-22
OSV
CVE-2025-12889: With TLS 12025-11-22

📋Vendor Advisories

2
Microsoft
TLS 1.2 Client Can Downgrade Digest Used2025-11-11
Debian
CVE-2025-12889: wolfssl - With TLS 1.2 connections a client can use any digest, specifically a weaker dige...2025
CVE-2025-12889 — Improper Input Validation in Wolfssl | cvebase