CVE

GHSA-vj87-jj27-4h9c

wolfSSL Python module vulnerable to Improper Authentication

CVE

GHSA-vj87-jj27-4h9c

wolfSSL Python module vulnerable to Improper Authentication

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.

Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided.

This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake.

The issue affects versions up to and including 5.8.2.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

9.3

4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X

9.1

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-15346, https://github.com/wolfSSL/wolfssl-py/pull/62, https://github.com/wolfSSL/wolfssl-py/commit/b4517dece79f682a8f453abce5cfc0b81bae769d, https://github.com/wolfSSL/wolfssl-py, https://github.com/wolfSSL/wolfssl-py/releases/tag/v5.8.4-stable

Severity

9.1

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.1

EPSS Probability

0.00057%

EPSS Percentile

0.18148%

Introduced Version

0,0.1.0

Fix Available

5.8.4-stable,5.8.4.post0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-vj87-jj27-4h9c