PT-2026-1497 · Wolfssh · Wolfssh

Olivier Levillain · Published 2026-01-06 · Updated 2026-01-06 · CVE-2025-14942

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: wolfSSH versions 1.4.21 and earlier

Description: The wolfSSH key exchange state machine can be manipulated, potentially leading to the exposure of the client’s password in plaintext. This manipulation could also allow an attacker to trick the client into sending a fraudulent signature or bypassing user authentication altogether. The issue affects both client and server applications utilizing wolfSSH.

Recommendations: Update to a newer version of wolfSSH or apply the available fix patch. It is recommended to update credentials used with wolfSSH.
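The general defence against this class of state-machine manipulation is a strict per-phase allow-list of inbound messages. The sketch below is an added example, not wolfSSH code and not the fix patch. The phase names, `client_t` and both functions are hypothetical; the message numbers are those of RFC 4253 and RFC 4252 (classic DH key exchange only, no re-keying).

```c
#include <stdbool.h>
#include <stdint.h>

/* Message numbers from RFC 4253 and RFC 4252. */
enum { MSG_IGNORE = 2, MSG_DEBUG = 4, MSG_SERVICE_ACCEPT = 6, MSG_KEXINIT = 20,
       MSG_NEWKEYS = 21, MSG_KEXDH_REPLY = 31,
       MSG_USERAUTH_FAILURE = 51, MSG_USERAUTH_SUCCESS = 52 };

/* Hypothetical client phases (illustrative names, not wolfSSH's). */
typedef enum { PH_KEXINIT, PH_KEX_REPLY, PH_NEWKEYS, PH_SERVICE,
               PH_AUTH, PH_OPEN, PH_DEAD } phase_t;

/* keys_active: NEWKEYS arrived in sequence; auth_sent: we sent USERAUTH_REQUEST. */
typedef struct { phase_t phase; bool keys_active; bool auth_sent; } client_t;

/* Gate for one inbound server message. Anything not expected in the
 * current phase ends the session instead of being processed. */
bool client_accept(client_t *c, uint8_t msg)
{
    phase_t next = PH_DEAD;
    /* Transport chatter is tolerated only after encryption is on. */
    if (c->keys_active && (msg == MSG_IGNORE || msg == MSG_DEBUG))
        return true;
    switch (c->phase) {
    case PH_KEXINIT:   if (msg == MSG_KEXINIT)        next = PH_KEX_REPLY; break;
    case PH_KEX_REPLY: if (msg == MSG_KEXDH_REPLY)    next = PH_NEWKEYS;   break;
    case PH_NEWKEYS:   if (msg == MSG_NEWKEYS)        next = PH_SERVICE;   break;
    case PH_SERVICE:   if (msg == MSG_SERVICE_ACCEPT) next = PH_AUTH;      break;
    case PH_AUTH:      /* an auth result is valid only as a reply to our request */
        if (!c->auth_sent) break;
        if (msg == MSG_USERAUTH_SUCCESS) next = PH_OPEN;
        else if (msg == MSG_USERAUTH_FAILURE) { next = PH_AUTH; c->auth_sent = false; }
        break;
    case PH_OPEN:      /* connection-protocol range only */
        if (msg >= 80 && msg <= 127) next = PH_OPEN;
        break;
    default: break;    /* PH_DEAD stays dead */
    }
    if (next == PH_SERVICE) c->keys_active = true;
    if (next == PH_DEAD)    c->keys_active = false;
    c->phase = next;
    return next != PH_DEAD;
}

/* The password may leave the client only in PH_AUTH with keys active. */
bool client_may_send_password(client_t *c)
{
    if (c->phase != PH_AUTH || !c->keys_active) return false;
    c->auth_sent = true;
    return true;
}
```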

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2025-14942

Affected Products: Wolfssh