
Description

TheGreenBow VPN, versions 7.5 and 7.6, contains an incorrect validation of OCSP certificates vulnerability. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.

PUBLISHED Reserved 2025-10-20 | Published 2025-10-27 | Updated 2025-10-27 | Assigner INCIBE




HIGH: 8.2 | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-299: Improper Check for Certificate Revocation

Product status

Default status: unaffected

7.5: affected

7.6: affected

References

www.incibe.es/...certificates-thegreenbow-vpn-client-windows

www.thegreenbow.com/en/support/security-alerts/ (vendor-advisory, patch)

cve.org (CVE-2025-11955)

nvd.nist.gov (CVE-2025-11955)
