client failing to properly verify the server certificate's domain name,
allowing any certificate issued by a trusted CA to be accepted regardless of the hostname.
Metrics
Affected Vendors & Products
Solution
Upgrade to wolfSSL commit fbc483e23a3e42d5430a838230db1f8c90b88d41 or newer
Workaround
Manually load CA certificates into wolfSSL instead of relying on apple native certificate verification, or upgrade to wolfSSL commit fbc483e23a3e42d5430a838230db1f8c90b88d41 or newer
Link | Providers |
---|---|
http://github.com/wolfssl/wolfssl.git |
![]() ![]() |
Mon, 21 Jul 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 18 Jul 2025 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardless of the hostname. | |
Title | Domain Name Validation Bypass with Apple Native Certificate Validation | |
Weaknesses | CWE-295 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: wolfSSL
Published:
Updated: 2025-07-21T14:56:52.762Z
Reserved: 2025-07-09T16:38:39.054Z
Link: CVE-2025-7395

Updated: 2025-07-21T14:56:45.588Z

Status : Awaiting Analysis
Published: 2025-07-18T23:15:23.657
Modified: 2025-07-22T13:06:07.260
Link: CVE-2025-7395

No data.

Updated: 2025-07-21T15:17:07Z