Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows...

8.2 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.

Basic Information

ID CVE-2025-11955

Source INCIBE

Published Oct 27, 2025 at 11:30

Modified Oct 27, 2025 at 13:19

Affected Product

Vendor TheGreenBow

Product TheGreenBow VPN Client Windows Enterprise

Version 7.5

Affected Versions TheGreenBow TheGreenBow VPN Client Windows Enterprise 7.5
TheGreenBow TheGreenBow VPN Client Windows Enterprise 7.6

CWE Classification

CWE-299

References

{
    "lastseen": "",
    "description": "Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.",
    "published": "2025-10-27T11:30:24.102Z",
    "modified": "2025-10-27T13:19:15.842Z",
    "type": "cve",
    "title": "Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-validation-ocsp-certificates-thegreenbow-vpn-client-windows\nhttps://www.thegreenbow.com/en/support/security-alerts/",
    "id": "CVE-2025-11955",
    "bulletinFamily": "",
    "cwe": [
        "CWE-299"
    ],
    "cvelist": null,
    "sourceData": "TheGreenBow TheGreenBow VPN Client Windows Enterprise 7.5\nTheGreenBow TheGreenBow VPN Client Windows Enterprise 7.6",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TheGreenBow VPN Client Windows Enterprise",
    "version": "7.5",
    "vendor": "TheGreenBow",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise_CVE-2025-11955