9.3 / 10
CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y
Description
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.
Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided.
This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake.
The issue affects versions up to and including 5.8.2.
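The description above comes down to a flag composition: in wolfSSL, WOLFSSL_VERIFY_PEER on its own only validates a client certificate that is actually presented, and WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT is the flag that turns a missing certificate into a handshake failure. The following is an added example, not code from wolfssl-py or wolfSSL. It models the two mappings of CERT_REQUIRED onto native flags (with and without the missing flag), shows the resulting server decision for a client that presents a valid certificate, an invalid one, or none at all, and adds a probe that connects to a live server without any client certificate to check whether it still serves application data. The flag bit values, the function names (flags_for_verify_mode, handshake_accepts, cert_required_outcomes, probe_client_auth) and the decision logic are this example's own simplification; the probe uses the Python standard library's ssl module on the client side only, so it can be pointed at any server, including one built on wolfssl-py.

```python
"""Why CERT_REQUIRED without WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT behaves
like CERT_OPTIONAL, plus a probe for checking a live server."""
import socket
import ssl

# Native wolfSSL verify flags (names from wolfssl/ssl.h). The bit values are
# illustrative, chosen for this example; the library's own numbers differ.
WOLFSSL_VERIFY_NONE = 0
WOLFSSL_VERIFY_PEER = 1 << 0
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT = 1 << 1

# Python-level verify modes, named as in the ssl module and wolfssl-py.
CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED = 0, 1, 2


def flags_for_verify_mode(mode, include_fail_if_no_peer_cert):
    """Native flags a server context ends up with for a given verify_mode.

    include_fail_if_no_peer_cert=False models the behaviour in the advisory
    (CERT_REQUIRED collapses to CERT_OPTIONAL); True is the mapping that
    actually requires a client certificate.
    """
    if mode == CERT_NONE:
        return WOLFSSL_VERIFY_NONE
    if mode == CERT_OPTIONAL:
        return WOLFSSL_VERIFY_PEER
    if mode == CERT_REQUIRED:
        flags = WOLFSSL_VERIFY_PEER
        if include_fail_if_no_peer_cert:
            flags |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT
        return flags
    raise ValueError("unknown verify_mode %r" % (mode,))


def handshake_accepts(flags, cert_presented, cert_valid):
    """Server-side decision on the client's Certificate message.

    Simplified from the wolfSSL/OpenSSL flag semantics: VERIFY_PEER only
    checks a certificate that is present; FAIL_IF_NO_PEER_CERT is what turns
    an absent certificate into a handshake failure.
    """
    if not flags & WOLFSSL_VERIFY_PEER:
        return True
    if cert_presented:
        return cert_valid
    return not (flags & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT)


def cert_required_outcomes(include_fail_if_no_peer_cert):
    """Outcome of three client behaviours against a CERT_REQUIRED server."""
    flags = flags_for_verify_mode(CERT_REQUIRED, include_fail_if_no_peer_cert)
    return {
        "valid cert": handshake_accepts(flags, True, True),
        "invalid cert": handshake_accepts(flags, True, False),
        "no cert": handshake_accepts(flags, False, False),
    }


def probe_client_auth(host, port, cafile=None, timeout=5.0):
    """Connect with NO client certificate and see whether the server still
    talks to us. Client side is the stdlib ssl module; the server under test
    can be anything, including a wolfssl-py server.

    Returns "accepted" (server answered with application data: client-cert
    enforcement is NOT working), "rejected" (TLS alert), "closed" (server
    hung up without an alert) or "timeout".

    The rejection may only arrive after do_handshake() returns on the client
    side (in TLS 1.3 the server processes the client's Certificate message
    after it has already sent its own Finished), so the probe also sends a
    byte and waits for a reply instead of trusting handshake completion.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        # Probe only: skip validating the server; the question is whether
        # the server validates us.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(b"\r\n")
                return "accepted" if tls.recv(1) else "closed"
    except socket.timeout:
        return "timeout"
    except ssl.SSLError:
        return "rejected"
    except OSError:
        return "closed"


if __name__ == "__main__":
    for label, fixed in (("flag missing (advisory)", False), ("flag included", True)):
        print(label, cert_required_outcomes(fixed))
```

Run the module to see the two outcome tables side by side; with the flag missing, "no cert" is accepted while "invalid cert" is still rejected, which is exactly the CERT_OPTIONAL behaviour the advisory describes. To check a deployed server, call probe_client_auth(host, port) from a host that has no client certificate configured: "accepted" means an unauthenticated client got through, "rejected" is the expected result for a server that enforces client certificates, and "closed" or "timeout" should be cross-checked against the server's own logs rather than treated as a pass.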
AI Analysis
Improper authentication due to incorrect handling of client certificate requirements in wolfSSL Python library
Basic Information
ID
CVE-2025-15346
Source
wolfSSL
Published
Jan 7, 2026 at 23:32
Affected Product
Vendor
wolfSSL
Product
wolfSSL-py
Version
5.3.0
Affected Versions
wolfSSL wolfSSL-py 5.3.0
CWE Classification
AI Assessment
AI Score
9.3 / 10
AI Severity
Critical
Vendor
wolfSSL
Product
wolfSSL-py
Version
up to 5.8.2