Information Disclosure in wolfSSL TLS 1.3 PSK Binder Verification
CVE-2025-11932

2.3LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-11932?

The server's method for verifying the TLS 1.3 Pre-Shared Key (PSK) binder was flawed as it relied on a non-constant time algorithm. This design oversight presented a risk of leaking sensitive information regarding the PSK binder, potentially exposing critical elements of the secure communication process.

Affected Version(s)

wolfSSL 0 < 5.8.4

References

https://github.com/wolfSSL/wolfssl/pull/9223

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

Luigino Camastra from Aisle Research

JSON