CVE-2025-15382

8.1 HIGH

📋 TL;DR

This heap buffer over-read vulnerability in wolfSSH's wolfSSH_CleanPath() function allows authenticated remote attackers to read one byte beyond allocated memory boundaries via crafted SCP paths containing '/./' sequences. Systems using vulnerable versions of wolfSSH for SSH/SCP functionality are affected, potentially exposing sensitive memory contents.

💻 Affected Systems

Products:
  • wolfSSH
Versions: All versions before the fix in PR #859
Operating Systems: All platforms running wolfSSH
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SCP functionality enabled and authenticated attacker access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure of adjacent heap memory containing sensitive data such as passwords, keys, or session tokens, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) or limited information disclosure of adjacent memory contents.

🟢 If Mitigated

Minimal impact with proper memory protections (ASLR, stack canaries) and network segmentation limiting attacker access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access and specific path manipulation knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version containing PR #859 fix

Vendor Advisory: https://github.com/wolfSSL/wolfssh/pull/859

Restart Required: Yes

Instructions:

1. Update wolfSSH to a version containing the PR #859 fix.
2. Recompile applications using wolfSSH.
3. Restart affected services.

🔧 Temporary Workarounds

Disable SCP functionality

all

Disable SCP protocol support in wolfSSH configuration

Configure wolfSSH to disable SCP subsystem

Restrict authenticated user access

all

Limit SCP access to trusted users only

Configure SSH access controls and user permissions

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy memory protection mechanisms (ASLR, stack canaries) and monitor for crashes

🔍 How to Verify

Check if Vulnerable:

Check wolfSSH version against patched version from PR #859

Check Version:

Check wolfSSH library version or application documentation

Verify Fix Applied:

Verify wolfSSH version is updated beyond PR #859 fix

📡 Detection & Monitoring

Log Indicators:

  • SCP requests with unusual path patterns containing '/./' sequences
  • Application crashes or memory access violations in wolfSSH logs

Network Indicators:

  • SCP traffic with manipulated path parameters
  • Repeated SCP connection attempts with varying paths

SIEM Query:

source="ssh_logs" AND (path="*/./*" OR error="buffer" OR error="memory")
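
The log indicators above can also be checked offline. The following is an added example, not code from wolfSSH or from this advisory: it flags SCP paths containing a '/./' segment, error lines mentioning buffer or memory faults, and sources that try several distinct '/./' paths. The key=value log format, the field names (`user`, `src`, `path`, `error`) and the threshold are assumptions; adapt them to whatever your application actually logs.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed key=value format (not real wolfSSH output).
SAMPLE_LOG = """\
2025-01-10T12:00:01Z sshd-app: scp user=alice src=10.0.0.5 path=/srv/files/report.txt
2025-01-10T12:00:07Z sshd-app: scp user=bob src=10.0.0.9 path=/srv/./files/a
2025-01-10T12:00:08Z sshd-app: scp user=bob src=10.0.0.9 path=/srv/files/./
2025-01-10T12:00:09Z sshd-app: scp user=bob src=10.0.0.9 path=/./
2025-01-10T12:00:10Z sshd-app: error="memory access violation" pid=4242
2025-01-10T12:01:00Z sshd-app: scp user=carol src=10.0.0.7 path=/home/carol/.ssh/config
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
DOT_SEGMENT = "/./"                          # the sequence named in the advisory
ERROR_WORDS = ("buffer", "memory")           # same terms as the SIEM query


def parse(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def analyse(log_text, probe_threshold=3):
    """Collect '/./' path hits, crash-like errors, and sources probing many paths."""
    dot_hits, crashes = [], []
    paths_by_src = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse(line)
        path = fields.get("path", "")
        # Substring match on the full segment, so dot-directories such as
        # "/.ssh/" are not flagged.
        if DOT_SEGMENT in path:
            dot_hits.append((fields.get("user"), fields.get("src"), path))
            paths_by_src[fields.get("src")].add(path)
        if any(w in fields.get("error", "").lower() for w in ERROR_WORDS):
            crashes.append(line)
    # "Repeated attempts with varying paths": distinct '/./' paths per source.
    probing = sorted(s for s, p in paths_by_src.items() if len(p) >= probe_threshold)
    return {"dot_hits": dot_hits, "crashes": crashes, "probing_sources": probing}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for user, src, path in report["dot_hits"]:
        print(f"'/./' in SCP path: user={user} src={src} path={path}")
    print("crash-like errors:", len(report["crashes"]))
    print("probing sources:", report["probing_sources"])
```

A '/./' segment also appears in legitimate client-generated paths, so treat a hit as a reason to check the wolfSSH version on that host, not as proof of an attempt.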
