CVE-2025-7395 — Improper Certificate Validation in Wolfssl

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

9.2CRITICALNVD

EPSS

0.1%

top 83.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wolfssl Debian Wolfssl Msrc Azl3 Mariadb 10.11.11-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedJul 18

Latest updateJul 19

Description

A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages4 packages

▶CVEListV5wolfssl/wolfssl5.6.4 — 5.8.0

▶debiandebian/wolfssl

▶msrcmsrc/cbl2_mariadb_10.6.21-1_on_cbl_mariner_2.0

▶msrcmsrc/azl3_mariadb_10.11.11-1_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-g6x8-5jj7-qqfv: A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in th↗2025-07-19

▶

OSV

CVE-2025-7395: A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in th↗2025-07-18

▶

📋Vendor Advisories

Microsoft

Domain Name Validation Bypass with Apple Native Certificate Validation↗2025-07-08

▶

Debian

CVE-2025-7395: wolfssl - A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_C...↗2025

▶