CVE-2022-25640

HIGH

Wolfssl < 5.2.0 - Improper Certificate Validation

Title source: rule

Description

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.

Exploits (1)

nomisec WORKING POC 2 stars

by dim0x69 · poc

https://github.com/dim0x69/cve-2022-25640-exploit

View Code ZIP pw:eip

References (1)

[Patch, Third Party Advisory] https://github.com/wolfSSL/wolfssl/pull/4831

Scores

CVSS v3 7.5

EPSS 0.0510

EPSS Percentile 89.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-295

Status published

Products (1)

wolfssl/wolfssl < 5.2.0

Published Feb 24, 2022

Tracked Since Feb 18, 2026