{"id":"CVE-2025-11625","details":"Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.","modified":"2026-04-10T05:20:44.391971Z","published":"2025-10-21T14:15:46.997Z","references":[{"type":"REPORT","url":"https://github.com/wolfSSL/wolfssh/pull/840"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfssl/wolfssh","events":[{"introduced":"0"},{"last_affected":"da85e49a204f42c31ae7bb1555c1d923eb964a29"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.20"}]}}],"versions":["v0.1","v0.2.0","v1.0.0-RC1","v1.0.0-RC2","v1.1.0-stable","v1.2.0-stable","v1.2.2","v1.3.0-stable","v1.4.0-stable","v1.4.10-stable","v1.4.11-stable","v1.4.12-stable","v1.4.13-stable","v1.4.14-stable","v1.4.15-stable","v1.4.16","v1.4.17-stable","v1.4.18-stable","v1.4.19-stable","v1.4.2-stable","v1.4.20-stable","v1.4.3-stable","v1.4.4-stable","v1.4.5-stable","v1.4.6-stable","v1.4.7-stable","v1.4.8-stable","v1.4.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11625.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}