Vulnerability DatabaseCVE-2025-7396

CVE-2025-7396:
wolfSSL vulnerability analysis and mitigation

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

5.6

Score

Published July 18, 2025

Severity MEDIUM

CNA Score 5.6

Affected Technologies

wolfSSL

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 4.7

Exploitation Probability (EPSS) N/A

Affected packages and libraries

cpe:2.3:a:wolfssl:wolfssl
wolfssl

Sources

Alpine Security Tracker
- Alpine edge Severity MEDIUMNo FixAdded at: Dec 04, 2025
Homebrew
- Homebrew Severity MEDIUMNo FixAdded at: Dec 04, 2025
Nix
- Nix Severity MEDIUMNo FixAdded at: Dec 04, 2025
NVD
- Linux Severity MEDIUMHas FixAdded at: Dec 04, 2025

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related wolfSSL vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-15346	CRITICAL	9.3	Python	wolfssl	No	Yes	Jan 08, 2026
CVE-2025-11936	MEDIUM	6.3	wolfSSL	cpe:2.3:a:wolfssl:wolfssl	No	Yes	Nov 21, 2025
CVE-2025-12889	LOW	2.3	wolfSSL	wolfssl	No	Yes	Nov 22, 2025
CVE-2025-13912	LOW	1	wolfSSL	cpe:2.3:a:wolfssl:wolfssl	No	Yes	Dec 11, 2025
CVE-2025-12888	LOW	1	wolfSSL	wolfssl	No	Yes	Nov 21, 2025