Wolfssh
CVE-2025-14942
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.
AnalysisAI
wolfSSH through 1.4.21 has a key exchange state machine vulnerability that can leak client passwords in cleartext, trick clients into sending bogus signatures, or skip user authentication entirely. A fundamental protocol implementation flaw.
Technical ContextAI
The SSH key exchange state machine does not properly enforce the expected sequence of protocol messages (CWE-287). An active man-in-the-middle attacker can manipulate the key exchange to: (1) receive the client's password before encryption is established, (2) trick the client into signing attacker-controlled data, or (3) convince the server that authentication was completed when it was not.
RemediationAI
Update wolfSSH immediately. Rotate all credentials used over wolfSSH connections. Consider using a different SSH library if updates cannot be applied quickly.
WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. Rated critical sev
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. Rated critical severity (CVSS 9
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote att
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today