Improper Input Validation in wolfSSL Affects Signature Algorithm Negotiation
CVE-2025-11934
2.1 LOW
What is CVE-2025-11934?
A vulnerability in wolfSSL versions 5.8.2 and earlier allows improper input validation during negotiation of the TLS 1.3 CertificateVerify signature algorithm. The flaw can result in a downgrade of the signature algorithm: for instance, if a client advertises support for ECDSA P521, the server may erroneously fall back to ECDSA P256 and that choice is accepted. This undermines the security properties the TLS handshake is meant to provide and poses a risk to data integrity.
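As an added example (not wolfSSL code), a client-side check for the validation the advisory describes as missing: parse the client's own signature_algorithms extension and the peer's CertificateVerify body, then reject any signature scheme that was never offered. SignatureScheme code points and message layouts follow RFC 8446; the messages in the demo are constructed, and the helper and function names are this example's own.

```python
import struct

# SignatureScheme code points from RFC 8446 (subset).
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ECDSA_SECP521R1_SHA512 = 0x0603
RSA_PSS_RSAE_SHA256 = 0x0804

def parse_signature_algorithms(ext_body: bytes) -> list[int]:
    """signature_algorithms extension body: uint16 length + 2-byte SignatureSchemes."""
    if len(ext_body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", ext_body[:2])
    if length == 0 or length % 2 or length + 2 != len(ext_body):
        raise ValueError("bad signature_algorithms list length")
    return list(struct.unpack("!%dH" % (length // 2), ext_body[2:]))

def parse_certificate_verify(body: bytes) -> tuple[int, bytes]:
    """CertificateVerify body: SignatureScheme (2 bytes) + opaque signature<0..2^16-1>."""
    if len(body) < 4:
        raise ValueError("truncated CertificateVerify")
    scheme, sig_len = struct.unpack("!HH", body[:4])
    if 4 + sig_len != len(body):
        raise ValueError("bad CertificateVerify signature length")
    return scheme, body[4:]

def certificate_verify_scheme_allowed(offered: list[int], cv_body: bytes) -> bool:
    """The check the advisory describes as missing: the scheme used in
    CertificateVerify must be one the client offered. A scheme that was not
    offered (e.g. P-256 when only P-521 was advertised) is a downgrade."""
    scheme, _signature = parse_certificate_verify(cv_body)
    return scheme in offered

def encode_signature_algorithms(schemes: list[int]) -> bytes:
    """Build a constructed extension body (demo/test helper)."""
    return struct.pack("!H", 2 * len(schemes)) + b"".join(struct.pack("!H", s) for s in schemes)

def encode_certificate_verify(scheme: int, signature: bytes) -> bytes:
    """Build a constructed CertificateVerify body (demo/test helper)."""
    return struct.pack("!HH", scheme, len(signature)) + signature

if __name__ == "__main__":
    # Constructed sample: client offered only ECDSA P-521, peer signed with P-256.
    offered = parse_signature_algorithms(encode_signature_algorithms([ECDSA_SECP521R1_SHA512]))
    cv = encode_certificate_verify(ECDSA_SECP256R1_SHA256, bytes(70))
    print("downgraded CertificateVerify accepted:", certificate_verify_scheme_allowed(offered, cv))
```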
Affected Version(s)
wolfSSL Linux v5.8.2
References
CVSS V4
Score: 2.1
Severity: LOW
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jaehun Lee, Pohang University of Science and Technology (POSTECH)
Kyungmin Bae, Pohang University of Science and Technology (POSTECH)
