CNNVD-202511-2413 Information

CNNVD ID

CNNVD-202511-2413

Related CVE

CVE-2025-12888

• CNNVD Published: 2025-11-21

Description (Chinese)

wolfSSL（CyaSSL）是美国wolfSSL公司的一个针对嵌入式系统开发人员使用的小的、可移植的嵌入式SSL编程库。 wolfSSL存在安全漏洞，该漏洞源于编译器优化和CPU架构限制引入的时间侧信道，可能导致加密实现被攻击。

Description (English)

WolfSSL (CyaSSL) is a small, portable, embedded SSL programming library for embedded system developers in the United States of America. There is a security loophole in the WolfSSL, which stems from the compiler optimization and the CPU structure limiting the introduction of time-side channels, which may result in encryption being attacked.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

wolfSSL

Published

2025-11-21

Last Modified

2026-02-24

References

https://github.com/wolfSSL/wolfssl/pull/9275 https://access.redhat.com/security/cve/cve-2025-12888 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12888

Patch

https://www.wolfssl.com/download/