CVE-2025-12889

Опубликовано: 22 нояб. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.

Ссылки

https://github.com/wolfSSL/wolfssl/pull/9395
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wolfssl:wolfssl:5.8.4:*:*:*:*:*:*:*

EPSS

Процентиль: 2%

0.00014

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2025-12889

CVSS3: 5.4

ubuntu

3 месяца назад

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.

CVE-2025-12889

msrc

2 месяца назад

TLS 1.2 Client Can Downgrade Digest Used

CVE-2025-12889

CVSS3: 5.4

debian

3 месяца назад

With TLS 1.2 connections a client can use any digest, specifically a w ...

GHSA-6wfx-6f8c-8wg4

CVSS3: 5.4

github

3 месяца назад

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest.

EPSS

Процентиль: 2%

0.00014

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo