cvebase

wolfSSL wolfSSH vulnerabilities

4 known vulnerabilities affecting wolfssl/wolfssh.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2025-11625 | P2 | CRITICAL | CVSS 9.8 | v1.4.20;0 | 2025-10-21
CWE-287: Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of client credentials.
Source: NVD
CVE-2025-14942 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.4.22 | 2026-01-06
CWE-287: wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to u
Source: NVD
CVE-2025-15382 | P3 | HIGH | CVSS 8.1 | ≥ 1.4.12, < 1.4.21 | 2026-01-06
CWE-125: A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.
Source: NVD
CVE-2026-0930 | P4 | MEDIUM | CVSS 4.3 | ≥ 1.4.15, < 1.5.0 | 2026-04-20
CWE-126: Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
Source: NVD