Timing Side-Channel Vulnerability in wolfSSL
CVE-2025-13912

1LOW

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-13912?

wolfSSL versions prior to 5.8.4 exhibit a security vulnerability where multiple constant-time implementations may be inadvertently altered by LLVM optimizations. This alteration can transform them into non-constant-time binaries, leading to timing discrepancies that attackers can exploit. Such discrepancies potentially enable timing side-channel attacks, allowing unauthorized data exposure.

Affected Version(s)

wolfSSL 0 < 5.8.4

References

https://github.com/wolfSSL/wolfssl/pull/9148

CVSS V4

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Dec 2, 2025

Credit

Jing Liu

Zhiyuan Zhang

LUCÍA MARTÍNEZ GAVIER

Gilles Barthe

Marcel Böhme

JSON