Improper Input Validation in wolfSSL Affects Multiple Platforms
CVE-2025-11936

6.3MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-11936?

A flaw in the parsing of KeyShareEntry values in wolfSSL v5.8.2 can be exploited by an unauthenticated remote attacker. By sending a specially crafted ClientHello message with duplicate KeyShareEntry values for the same supported group, the attacker may induce excessive CPU and memory consumption, resulting in service disruptions. This vulnerability highlights the need for robust input validation to protect against potential denial-of-service attacks.

Affected Version(s)

wolfSSL Linux v5.8.2

References

https://github.com/wolfSSL/wolfssl

https://github.com/wolfSSL/wolfssl/pull/9117

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Oct 17, 2025

Credit

Jaehun Lee, Pohang University of Science and Technology (POSTECH)

Kyungmin Bae, Pohang University of Science and Technology (POSTECH)

JSON

Wolfssl

What is CVE-2025-11936?

Affected Version(s)

References

CVSS V4

Timeline

Credit