CVE-2025-13912

LOW

wolfSSL <5.8.4 - Info Disclosure

Title source: llm

Description

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.

References (1)

[Issue Tracking] https://github.com/wolfSSL/wolfssl/pull/9148

Scores

CVSS v4 1.0

EPSS 0.0003

EPSS Percentile 7.0%

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Details

CWE

CWE-203

Status published

Products (1)

wolfSSL/wolfSSL < 5.8.4

Published Dec 11, 2025

Tracked Since Feb 18, 2026