THREATINT
PUBLISHED

CVE-2025-7395

Domain Name Validation Bypass with Apple Native Certificate Validation



Description

A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname.

Reserved 2025-07-09 | Published 2025-07-18 | Updated 2025-07-18 | Assigner wolfSSL


CRITICAL: 9.2 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y/V:D/U:Red)

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status: unaffected

5.6.4: affected

Credits

Thomas Leong (finder)

References

github.com/wolfssl/wolfssl.git

cve.org (CVE-2025-7395)

nvd.nist.gov (CVE-2025-7395)
