Key Exchange Manipulation in wolfSSH Client Applications from wolfSSL
CVE-2025-14942

9.4CRITICAL

Key Information:

Vendor: Wolfssl
Status: Wolfssh
Vendor: CVE Published:; 6 January 2026

What is CVE-2025-14942?

The wolfSSH library, used in various client applications, has a serious flaw in its key exchange state machine. This vulnerability enables an attacker to manipulate the authentication process, risking the exposure of the client’s password in an unencrypted format. Additionally, malicious actors can trick the client into sending invalid signatures or bypassing user authentication altogether. This affects all client applications utilizing wolfSSH versions 1.4.21 and earlier, prompting users to update their software or apply necessary patches. While no specific attacks have targeted server applications, the same vulnerability exists within wolfSSH server environments, necessitating attention and remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wolfSSH 0 < 1.4.22

References

https://github.com/wolfSSL/wolfssh/pull/855

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Jan 6, 2026
Vulnerability Reserved
Dec 18, 2025

Credit

Aina Toky Rasoamanana

Olivier Levillain

JSON

Wolfssl

What is CVE-2025-14942?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.