Security Vulnerability Report
CVE-2025-11934 CVSS 2.7 LOW

CVE-2025-11934

Published: 2025-11-21 23:15:45
Last Modified: 2025-12-03 18:47:17

Description

Improper input validation in the TLS 1.3 CertificateVerify signature-algorithm negotiation in wolfSSL 5.8.2 and earlier, on multiple platforms, allows the signature algorithm in use to be downgraded. For example, when a client sends ECDSA P-521 as its supported signature algorithm, the server could respond with ECDSA P-256 as the accepted signature algorithm, and the connection would continue using ECDSA P-256, provided the client's build supports P-256.

The point for practitioners: in TLS 1.3 the scheme carried in CertificateVerify must be one the peer advertised in its signature_algorithms extension (RFC 8446, section 4.4.3), so the receiving side is expected to reject a scheme it never offered. The signature still verifies under the weaker scheme, so nothing fails loudly; what is lost is the policy the offering side set (for instance "P-521 only"), which is why NVD files this as CWE-20 (Improper Input Validation) and rates only a low integrity impact. The patch is tracked in wolfSSL PR #9113 (see References).
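The negotiation rule the description turns on, as an added example (this is not wolfSSL's code and not the page's PoC): the real wire layouts of the signature_algorithms extension body and the CertificateVerify body from RFC 8446 are encoded and parsed, and the advisory's scenario (client offers only ecdsa_secp521r1_sha512, server signs with ecdsa_secp256r1_sha256) is run through both the lenient acceptance rule the advisory describes and the strict rule a conforming receiver applies. The CertificateVerify signature bytes are a constructed placeholder; only scheme selection is exercised, not signature verification.

```python
"""
Added example: TLS 1.3 signature-scheme selection check, lenient vs strict.
Encodings follow RFC 8446 sections 4.2.3 (signature_algorithms) and 4.4.3
(CertificateVerify). Not wolfSSL code; the signature bytes are a placeholder.
"""
import struct

# SignatureScheme code points from RFC 8446 section 4.2.3
ECDSA_SECP256R1_SHA256 = 0x0403
ECDSA_SECP384R1_SHA384 = 0x0503
ECDSA_SECP521R1_SHA512 = 0x0603
RSA_PSS_RSAE_SHA256 = 0x0804
ED25519 = 0x0807

SCHEME_NAMES = {
    ECDSA_SECP256R1_SHA256: "ecdsa_secp256r1_sha256",
    ECDSA_SECP384R1_SHA384: "ecdsa_secp384r1_sha384",
    ECDSA_SECP521R1_SHA512: "ecdsa_secp521r1_sha512",
    RSA_PSS_RSAE_SHA256: "rsa_pss_rsae_sha256",
    ED25519: "ed25519",
}


def encode_signature_algorithms(schemes):
    """Extension body: uint16 byte length, then one uint16 per scheme."""
    body = b"".join(struct.pack("!H", s) for s in schemes)
    return struct.pack("!H", len(body)) + body


def parse_signature_algorithms(data):
    """Parse the extension body; the list must be non-empty and fill the body exactly."""
    if len(data) < 4:
        raise ValueError("signature_algorithms too short")
    (length,) = struct.unpack("!H", data[:2])
    if length < 2 or length % 2 or 2 + length != len(data):
        raise ValueError("bad signature_algorithms length")
    return list(struct.unpack("!%dH" % (length // 2), data[2:]))


def encode_certificate_verify(scheme, signature):
    """CertificateVerify body: uint16 scheme, uint16 signature length, signature."""
    return struct.pack("!HH", scheme, len(signature)) + signature


def parse_certificate_verify(data):
    """Return (scheme, signature) or raise on a malformed body."""
    if len(data) < 4:
        raise ValueError("CertificateVerify too short")
    scheme, sig_len = struct.unpack("!HH", data[:4])
    if 4 + sig_len != len(data):
        raise ValueError("bad CertificateVerify signature length")
    return scheme, data[4:]


def lenient_scheme_check(offered, implemented, received):
    """Behaviour the advisory describes: accept any scheme this side *implements*,
    whether or not it was in the list this side *offered*."""
    return received in implemented


def strict_scheme_check(offered, implemented, received):
    """RFC 8446 section 4.4.3: the peer's scheme must be one this side offered
    (and, trivially, one it implements)."""
    return received in implemented and received in offered


def accept_certificate_verify(client_hello_ext, implemented, cert_verify, check):
    """Run one check over the wire bytes; returns (accepted, scheme_name)."""
    offered = parse_signature_algorithms(client_hello_ext)
    scheme, _signature = parse_certificate_verify(cert_verify)
    name = SCHEME_NAMES.get(scheme, "unknown(0x%04x)" % scheme)
    return check(offered, implemented, scheme), name


def downgrade_scenario():
    """The advisory's example: client offers only P-521, server signs with P-256.
    Returns the verdict of each check."""
    implemented = {ECDSA_SECP256R1_SHA256, ECDSA_SECP384R1_SHA384, ECDSA_SECP521R1_SHA512}
    client_hello_ext = encode_signature_algorithms([ECDSA_SECP521R1_SHA512])
    # Constructed CertificateVerify: P-256 scheme with placeholder signature bytes.
    cert_verify = encode_certificate_verify(ECDSA_SECP256R1_SHA256, b"\x30\x44" + bytes(68))
    return {
        "lenient": accept_certificate_verify(client_hello_ext, implemented, cert_verify, lenient_scheme_check),
        "strict": accept_certificate_verify(client_hello_ext, implemented, cert_verify, strict_scheme_check),
    }


if __name__ == "__main__":
    for mode, (accepted, scheme) in downgrade_scenario().items():
        print("%-8s %s -> %s" % (mode, scheme, "accepted" if accepted else "rejected"))
```

The lenient rule is exactly the condition in the description ("if the client supports ECDSA P256"): implementation support is not the same as having offered the scheme, and the strict rule is the one-line difference that closes the gap.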

CVSS Details

CVSS v3.1 (Primary): 2.7 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N (exploitability 1.2, impact 1.4)
CVSS v4.0 (Secondary): 2.1 LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Weakness: CWE-20 (Improper Input Validation)

Reading the vectors: PR:H in both, plus AT:P in v4.0, means the attacker already needs a privileged position and a precondition on the target, consistent with having to complete the handshake as the peer rather than merely observe it. The only rated impact is low integrity: a weaker-than-policy signature scheme, not key recovery or plaintext exposure.

Configurations (Affected Products)

Vulnerable product (NVD CPE match): cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:* with versionStartIncluding 5.8.2 and versionEndExcluding 5.8.4.

Platform nodes in the same AND configuration, flagged vulnerable: false. These name the operating systems wolfSSL is matched as running on; they do not mean wolfSSL on these platforms is safe:
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Version note: the CVE description says "wolfSSL 5.8.2 and earlier", while the NVD CPE range covers only 5.8.2 up to but excluding 5.8.4. Taken together, the two statements cover every release before 5.8.4; the fix is wolfSSL PR #9113 (see References).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
// CVE-2025-11934 PoC - TLS 1.3 signature algorithm downgrade (wolfSSL)
// The page's conceptual PoC, made compilable. It completes a TLS 1.3 handshake as a
// client, offering only ecdsa_secp521r1_sha512, and reports the scheme the peer used
// for CertificateVerify. It does not perform the downgrade itself: that needs a peer
// that can complete the handshake with a weaker scheme (hence CVSS PR:H).
// Build against a wolfSSL configured with --enable-tls13 --enable-opensslextra; the
// sigalg set/query functions belong to the OpenSSL-compatibility layer, so they are
// guarded with OPENSSL_EXTRA. The original called wolfSSL_get1_sigalgo(), which is
// not a wolfSSL API.
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

/* Plain TCP connect (the original left sockfd undefined). Returns -1 on failure. */
static int connect_tcp(const char* host, const char* port)
{
    struct addrinfo hints, *res, *rp;
    int fd = -1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (rp = res; rp != NULL; rp = rp->ai_next) {
        fd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
        if (fd >= 0 && connect(fd, rp->ai_addr, rp->ai_addrlen) == 0)
            break;
        if (fd >= 0)
            close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Returns 0 when the handshake completes, -1 otherwise. */
int test_signature_algo_downgrade(const char* host, const char* port, const char* ca_file)
{
    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL* ssl = NULL;
    int sockfd = -1;
    int ret;
    int rc = -1;

    wolfSSL_Init();

    /* TLS 1.3 only: the flaw is in the TLS 1.3 CertificateVerify negotiation. */
    ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
    if (ctx == NULL) {
        printf("Failed to create context\n");
        goto cleanup;
    }

    /* Trust anchors for the peer's certificate chain. */
    if (wolfSSL_CTX_load_verify_locations(ctx, ca_file, NULL) != WOLFSSL_SUCCESS) {
        printf("Failed to load CA certificate\n");
        goto cleanup;
    }

#ifdef OPENSSL_EXTRA
    /* Offer only ECDSA+SHA512 (ecdsa_secp521r1_sha512 in TLS 1.3). A conforming
     * peer must sign with it or abort; a vulnerable build still completes the
     * handshake when the peer answers with ECDSA P-256 (ecdsa_secp256r1_sha256). */
    if (wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA512") != WOLFSSL_SUCCESS) {
        printf("Failed to restrict signature algorithms\n");
        goto cleanup;
    }
#endif

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL) {
        printf("Failed to create SSL object\n");
        goto cleanup;
    }

    sockfd = connect_tcp(host, port);
    if (sockfd < 0) {
        printf("TCP connect failed\n");
        goto cleanup;
    }
    wolfSSL_set_fd(ssl, sockfd);

    /* The downgrade, if any, happens during this handshake. */
    ret = wolfSSL_connect(ssl);
    if (ret != WOLFSSL_SUCCESS) {
        printf("SSL connection failed: %d\n", wolfSSL_get_error(ssl, ret));
        goto cleanup;
    }

#ifdef OPENSSL_EXTRA
    {
        /* Hash NID of the peer's CertificateVerify scheme: 674 (NID_sha512) matches the
         * offered ecdsa_secp521r1_sha512; 672 (NID_sha256) means the peer used P-256
         * and this client accepted a scheme it never offered. */
        int hash_nid = 0;
        if (wolfSSL_get_peer_signature_nid(ssl, &hash_nid) == WOLFSSL_SUCCESS)
            printf("Peer CertificateVerify hash NID: %d\n", hash_nid);
    }
#endif
    rc = 0;

cleanup:
    if (ssl != NULL) {
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);
    }
    if (sockfd >= 0)
        close(sockfd);
    if (ctx != NULL)
        wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
    return rc;
}

python
# Python "PoC" from the page: it only describes the attack scenario. The page's comment
# said it used scapy to intercept and modify the handshake, but no interception was
# implemented, so the unused scapy wildcard imports are dropped.
def cve_2025_11934_poc():
    """
    CVE-2025-11934: TLS 1.3 signature algorithm downgrade.

    A peer that can complete the handshake (a malicious or misconfigured server
    holding a valid certificate for the weaker curve) signs CertificateVerify with
    a scheme the client did not offer, and a vulnerable wolfSSL client accepts it.

    Prerequisites:
    - A peer that completes the handshake with the weaker scheme (CVSS PR:H; a
      passive or active MITM cannot forge CertificateVerify without the server key)
    - Target running a vulnerable wolfSSL version
    """
    print("CVE-2025-11934 PoC - TLS Signature Algorithm Downgrade")
    print("=" * 60)
    print("Vulnerability: wolfSSL does not properly validate the signature")
    print("scheme selected for the TLS 1.3 CertificateVerify")
    print()
    print("Attack scenario:")
    print("1. Client sends signature_algorithms containing only ecdsa_secp521r1_sha512")
    print("2. Server (or an attacker holding a valid certificate for it) signs")
    print("   CertificateVerify with ecdsa_secp256r1_sha256 instead")
    print("3. Client accepts P-256 although it never offered it")
    print("4. Connection continues with the weaker P-256 scheme")
    print()
    print("Note: CVSS 2.7 (LOW); direct exploitation is limited, but the client's")
    print("signature-algorithm policy is silently violated")
    return None


if __name__ == "__main__":
    cve_2025_11934_poc()

References

https://github.com/wolfSSL/wolfssl (Product)
https://github.com/wolfSSL/wolfssl/pull/9113 (Issue Tracking, Patch)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-11934",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-21T23:15:44.540",
    "lastModified": "2025-12-03T18:47:17.287",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper input validation in the TLS 1.3 CertificateVerify signature algorithm negotiation in wolfSSL 5.8.2 and earlier on multiple platforms allows for downgrading the signature algorithm used. For example when a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256, if the client supports ECDSA P256."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 2.1,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "NOT_DEFINED",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-20"
          }
        ]
      }
    ],
    "configurations": [
      {
        "operator": "AND",
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "5.8.2",
                "versionEndExcluding": "5.8.4",
                "matchCriteriaId": "EB81B784-14DD-4CD0-859A-62D42ADDD7D3"
              }
            ]
          },
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": false,
                "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
              },
              {
                "vulnerable": false,
                "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/wolfSSL/wolfssl",
        "source": "[email protected]",
        "tags": ["Product"]
      },
      {
        "url": "https://github.com/wolfSSL/wolfssl/pull/9113",
        "source": "[email protected]",
        "tags": ["Issue Tracking", "Patch"]
      },
      {
        "url": "https://github.com/wolfSSL/wolfssl/pull/9113",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Issue Tracking", "Patch"]
      }
    ]
  }
}