FreeBSD: VID-ba02dfb6-ce31-11f0-a327-589cfc01894a (CVE-2025-11935): wolfssl -- multiple issues
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Nov 30, 2025 | Dec 10, 2025 | Dec 10, 2025 |
Description
wolfSSL blog reports:

This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. Highlights include:

- A timing-side-channel issue in X25519 specifically affecting Xtensa-based ESP32 devices. Low-memory X25519 implementations are now the default for Xtensa.
- A medium-severity TLS 1.3 server-side DoS risk from repeated KeyShareEntry values in malicious ClientHello messages.
- Several TLS 1.3 downgrade-related issues (PFS downgrades, signature algorithm downgrades, and duplicate extension parsing).
- A memory leak risk in TLS 1.2 certificate digest handling.
- XChaCha20-Poly1305 decryption bounds-check fix and constant-time improvements in PSK binder verification.
Solution
freebsd-upgrade-package-wolfssl