Certificate Verification Error in wolfSSL Affects Security of Various Applications
CVE-2025-7395

9.2CRITICAL

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 18 July 2025

What is CVE-2025-7395?

A certificate verification error in wolfSSL can compromise the verification of server certificate domain names when configurations include WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION. This vulnerability allows any valid certificate issued by a trusted Certificate Authority (CA) to be accepted by the client application, irrespective of whether the hostname matches. This oversight creates potential security risks, enabling man-in-the-middle attacks or unauthorized access.

Affected Version(s)

wolfSSL MacOS 5.6.4 <= 5.8.0

References

http://github.com/wolfssl/wolfssl.git

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2025
Vulnerability Reserved
Jul 9, 2025

Credit

Thomas Leong

Wolfssl

What is CVE-2025-7395?

Affected Version(s)

References

CVSS V4

Timeline

Credit