Heap Buffer Over-read Vulnerability in wolfSSH by wolfSSL
CVE-2025-15382

5.1MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssh
Vendor: CVE Published:; 6 January 2026

What is CVE-2025-15382?

A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function within the wolfSSH product by wolfSSL. This vulnerability can be exploited by an authenticated remote attacker who crafts an SCP path containing '/./' sequences, potentially leading to unintended memory access and data leakage by reading one byte beyond allocated memory boundaries.

Affected Version(s)

wolfSSH 1.4.12 < 1.4.21

References

https://github.com/wolfSSL/wolfssh/pull/859

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2026
Vulnerability Reserved
Dec 30, 2025

Credit

Luigino Camastra

CVE-2025-15382 Data

JSON