CVE-2025-11933
📋 TL;DR
A vulnerability in wolfSSL's TLS 1.3 CKS extension parsing allows remote attackers to cause denial-of-service by sending crafted ClientHello messages with duplicate CKS extensions. This affects wolfSSL 5.8.2 and earlier on all platforms where TLS 1.3 is enabled. Systems using vulnerable versions of wolfSSL for TLS connections are at risk.
💻 Affected Systems
- wolfSSL
📦 What is this software?
Wolfssl by Wolfssl
⚠️ Risk & Real-World Impact
Worst Case
Remote unauthenticated attacker crashes the TLS service, causing complete denial-of-service for all TLS connections on affected systems.
Likely Case
Service disruption through TLS connection failures, potentially affecting application availability that depends on TLS communication.
If Mitigated
Minimal impact with proper network controls and updated software; failed connections logged but service remains available.
🎯 Exploit Status
Exploitation requires sending a specially crafted TLS ClientHello message with duplicate CKS extensions. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: wolfSSL 5.8.3 or later
Vendor Advisory: https://github.com/wolfSSL/wolfssl/pull/9132
Restart Required: Yes
Instructions:
1. Download wolfSSL 5.8.3 or later from official repository. 2. Replace vulnerable wolfSSL library. 3. Recompile applications using wolfSSL if statically linked. 4. Restart affected services.
🔧 Temporary Workarounds
Disable TLS 1.3
allDisable TLS 1.3 protocol to prevent exploitation while maintaining TLS 1.2 functionality
Configure wolfSSL with --disable-tls13 or set appropriate compile-time flags
Network filtering
allUse network controls to filter or rate-limit TLS ClientHello messages
🧯 If You Can't Patch
- Implement network segmentation to isolate vulnerable systems from untrusted networks
- Deploy intrusion prevention systems (IPS) to detect and block malicious TLS handshake patterns
🔍 How to Verify
Check if Vulnerable:
Check wolfSSL version with wolfSSL_version() or examine library files. Verify TLS 1.3 is enabled in configuration.Check Version:
wolfssl_version or check library version in application outputVerify Fix Applied:
Confirm wolfSSL version is 5.8.3 or later and test TLS 1.3 connections remain stable under normal and malformed ClientHello conditions.📡 Detection & Monitoring
Log Indicators:
- Unexpected TLS handshake failures
- wolfSSL error logs related to extension parsing
- Service crashes during TLS negotiation
Network Indicators:
- Multiple TLS ClientHello messages with unusual extension patterns
- Connection resets during TLS handshake
SIEM Query:
source="*wolfssl*" AND ("handshake failure" OR "extension error" OR "CKS")