Home

Description

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.

PUBLISHED Reserved 2025-11-07 | Published 2025-11-21 | Updated 2025-11-21 | Assigner wolfSSL




LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

5.8.4
affected

Credits

Jaehun Lee from Pohang University of Science and Technology (POSTECH) finder

References

github.com/wolfSSL/wolfssl/pull/9395

cve.org (CVE-2025-12889)

nvd.nist.gov (CVE-2025-12889)

Download JSON