Integer Underflow in XChaCha20-Poly1305 Decrypt Affects wolfSSL
CVE-2025-11931

2.1LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-11931?

The vulnerability in wolfSSL's XChaCha20-Poly1305 decryption function can lead to an integer underflow, resulting in out-of-bounds access. This issue is triggered specifically through a direct call to the function wc_XChaCha20Poly1305_Decrypt(), and is not associated with any TLS connections. Such a flaw can potentially allow an attacker to exploit the affected application, compromising data integrity and confidentiality.

Affected Version(s)

wolfSSL 5.8.4

References

https://github.com/wolfSSL/wolfssl/pull/9223

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

Luigino Camastra from Aisle Research

JSON