CVE-2025-11936

5.3 MEDIUM

📋 TL;DR

A denial-of-service vulnerability in wolfSSL v5.8.2 allows remote attackers to crash TLS 1.3 connections by sending malicious ClientHello messages with duplicate KeyShareEntry values. This affects any system using the vulnerable wolfSSL library for TLS 1.3 connections. The attack requires no authentication and can be performed over the network.

💻 Affected Systems

Products:
  • wolfSSL
Versions: v5.8.2
Operating Systems: All platforms running wolfSSL
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects TLS 1.3 connections. Systems not using TLS 1.3 or not using wolfSSL are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption for TLS 1.3 connections, potentially causing application downtime and resource exhaustion on affected servers.

🟠 Likely Case

Temporary denial-of-service for TLS 1.3 connections, increased CPU/memory usage, and potential connection failures.

🟢 If Mitigated

Minimal impact with proper network controls and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires sending crafted TLS ClientHello messages. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.8.3 or later

Vendor Advisory: https://github.com/wolfSSL/wolfssl/pull/9117

Restart Required: Yes

Instructions:

1. Update wolfSSL to version 5.8.3 or later
2. Recompile applications using wolfSSL
3. Restart affected services

🔧 Temporary Workarounds

Disable TLS 1.3

all

Temporarily disable TLS 1.3 support to prevent exploitation

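/* wolfSSL_CTX_SetMinVersion() only raises the minimum version, so TLS 1.3 stays enabled. */
/* Create the context with a TLS 1.2-only method so TLS 1.3 is never negotiated: */
ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());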

Rate limit TLS connections

all

Implement connection rate limiting to reduce DoS impact

🧯 If You Can't Patch

  • Implement network-level filtering to block malicious TLS packets
  • Use load balancers with TLS termination to protect backend servers

🔍 How to Verify

Check if Vulnerable:

Check wolfSSL version with wolfSSL_lib_version() or equivalent function

Check Version:

wolfSSL_lib_version()

Verify Fix Applied:

Verify version is 5.8.3 or later and test TLS 1.3 connections

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed TLS handshakes
  • High CPU/memory usage during TLS processing
  • Connection resets during ClientHello

Network Indicators:

  • Unusual TLS ClientHello patterns
  • Duplicate KeyShareEntry values in TLS traffic
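
For the "Duplicate KeyShareEntry values" indicator, a sensor or TLS-terminating proxy can run the check below over the extension_data of a ClientHello key_share extension. This is an added example, not wolfSSL code or the vendor's fix; the function name, MAX_SHARES and the sample byte arrays (constructed, with 4-byte placeholder key material) are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SHARES 32 /* assumed cap for this sketch */

/* Constructed samples: key_share extension_data only, placeholder key bytes. */
static const uint8_t SAMPLE_UNIQUE[] = {0x00,0x10, 0x00,0x1d,0x00,0x04,0xaa,0xaa,0xaa,0xaa, 0x00,0x17,0x00,0x04,0xbb,0xbb,0xbb,0xbb};
static const uint8_t SAMPLE_DUP[]    = {0x00,0x10, 0x00,0x1d,0x00,0x04,0xaa,0xaa,0xaa,0xaa, 0x00,0x1d,0x00,0x04,0xbb,0xbb,0xbb,0xbb};

/* Layout (RFC 8446, 4.2.8): uint16 client_shares length, then entries of
 * { uint16 group; uint16 kx_len; kx[kx_len] }.
 * Returns 1 if a group repeats (stored in *dup_group), 0 if all groups are
 * unique, -1 if the data is truncated, inconsistent or exceeds MAX_SHARES. */
int keyshare_duplicate_group(const uint8_t *ext, size_t len, uint16_t *dup_group)
{
    uint16_t seen[MAX_SHARES];
    size_t nseen = 0, off = 2, end;

    if (ext == NULL || len < 2) return -1;
    end = 2 + (((size_t)ext[0] << 8) | ext[1]);
    if (end != len) return -1;            /* list length must match the extension */
    while (off < end) {
        uint16_t group;
        size_t kx_len;
        if (end - off < 4) return -1;     /* entry header truncated */
        group  = (uint16_t)((ext[off] << 8) | ext[off + 1]);
        kx_len = ((size_t)ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (kx_len == 0 || kx_len > end - off) return -1; /* must be non-empty and fit */
        off += kx_len;
        for (size_t i = 0; i < nseen; i++) {
            if (seen[i] == group) {
                if (dup_group) *dup_group = group;
                return 1;
            }
        }
        if (nseen == MAX_SHARES) return -1;
        seen[nseen++] = group;
    }
    return 0;
}

int main(void)
{
    uint16_t g = 0;
    printf("unique sample: %d\n", keyshare_duplicate_group(SAMPLE_UNIQUE, sizeof SAMPLE_UNIQUE, &g));
    printf("duplicate sample: %d\n", keyshare_duplicate_group(SAMPLE_DUP, sizeof SAMPLE_DUP, &g));
    return 0;
}
```

A return of 1 or -1 is worth logging alongside the source address, since RFC 8446 forbids clients from offering more than one KeyShareEntry for the same group.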

SIEM Query:

source="tls_logs" AND (event="handshake_failure" OR event="connection_reset") AND protocol="TLSv1.3"
