CVE-2025-14942
CRITICALCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Description
wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.
Analysis
wolfSSH through 1.4.21 has a key exchange state machine vulnerability that can leak client passwords in cleartext, trick clients into sending bogus signatures, or skip user authentication entirely. A fundamental protocol implementation flaw.
Technical Context
The SSH key exchange state machine does not properly enforce the expected sequence of protocol messages (CWE-287). An active man-in-the-middle attacker can manipulate the key exchange to: (1) receive the client's password before encryption is established, (2) trick the client into signing attacker-controlled data, or (3) convince the server that authentication was completed when it was not.
Affected Products
wolfSSH through 1.4.21
Remediation
Update wolfSSH immediately. Rotate all credentials used over wolfSSH connections. Consider using a different SSH library if updates cannot be applied quickly.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today