CVE-2025-14942 describes an Authentication Bypass vulnerability in wolfSSH. An attacker can manipulate the key exchange state machine, leading to potential password leakage or authentication bypass. This vulnerability affects client applications using wolfSSH versions 0.0 through 1.4.22. A fix is available in version 1.4.22, and updating is strongly recommended.
This vulnerability poses a significant risk to users of wolfSSH client applications. An attacker could exploit this flaw to intercept client passwords in cleartext during the key exchange process. Furthermore, the attacker might be able to forge signatures or trick the client into skipping user authentication altogether, granting unauthorized access. The potential for password compromise and unauthorized access makes this a high-impact vulnerability. While the description notes the same defect exists in server applications, there are no specific attacks mentioned, but the risk remains.
This vulnerability was discovered by Aina Toky Rasoamanana of Valeo and Olivier Levillain of Teleco. Public details regarding exploitation are currently limited, but the potential for password compromise warrants immediate attention. The CVE was published on 2026-01-06. No KEV listing or active exploitation campaigns are currently known.
Organizations and individuals using wolfSSH client applications, particularly those handling sensitive data or operating in environments with heightened security concerns, are at risk. This includes developers integrating wolfSSH into custom applications and those relying on legacy configurations that haven't been updated.
disclosure
Status do Exploit
EPSS
0.08% (percentil 25%)
CISA SSVC
The primary mitigation for CVE-2025-14942 is to upgrade to wolfSSH version 1.4.22 or later. If an immediate upgrade is not feasible, consider temporarily disabling key exchange features or implementing stricter authentication policies. It is also highly recommended to rotate any credentials that may have been exposed during the vulnerable period. After upgrading, verify the fix by attempting a key exchange and confirming that no sensitive data is transmitted in cleartext.
Atualize a biblioteca wolfSSH para a versão 1.4.22 ou posterior. É recomendável atualizar as credenciais utilizadas com versões vulneráveis. Aplique o patch disponível no repositório do wolfSSH.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-14942 is a vulnerability in wolfSSH allowing manipulation of the key exchange, potentially leaking passwords or bypassing authentication. It affects versions 0.0-1.4.22.
If you are using wolfSSH client applications versions 0.0 through 1.4.22, you are potentially affected by this vulnerability. Server applications are also affected.
Upgrade to wolfSSH version 1.4.22 or later. Consider rotating credentials as a precaution.
Currently, there are no confirmed reports of active exploitation, but the potential for password compromise warrants immediate action.
Refer to the official wolfSSH project website or relevant security mailing lists for the latest advisory and updates.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.