Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/wolfssl@0.1.1
Typepypi
Namespace
Namewolfssl
Version0.1.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.8.4.post0
Latest_non_vulnerable_version5.8.4.post0
Affected_by_vulnerabilities
0
url VCID-6455-uzn2-9qhf
vulnerability_id VCID-6455-uzn2-9qhf
summary 
wolfSSL Python module vulnerable to Improper Authentication
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.

Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided.

This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake.

The issue affects versions up to and including 5.8.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15346
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20555
published_at 2026-06-08T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.20566
published_at 2026-06-09T12:55:00Z
2
value 0.00066
scoring_system epss
scoring_elements 0.20666
published_at 2026-06-06T12:55:00Z
3
value 0.00066
scoring_system epss
scoring_elements 0.20624
published_at 2026-06-07T12:55:00Z
4
value 0.00069
scoring_system epss
scoring_elements 0.21358
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15346
1
reference_url https://github.com/wolfSSL/wolfssl-py
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/wolfSSL/wolfssl-py
2
reference_url https://github.com/wolfSSL/wolfssl-py/commit/b4517dece79f682a8f453abce5cfc0b81bae769d
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-08T19:22:43Z/
url https://github.com/wolfSSL/wolfssl-py/commit/b4517dece79f682a8f453abce5cfc0b81bae769d
3
reference_url https://github.com/wolfSSL/wolfssl-py/pull/62
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-08T19:22:43Z/
url https://github.com/wolfSSL/wolfssl-py/pull/62
4
reference_url https://github.com/wolfSSL/wolfssl-py/releases/tag/v5.8.4-stable
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-01-08T19:22:43Z/
url https://github.com/wolfSSL/wolfssl-py/releases/tag/v5.8.4-stable
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15346
reference_id CVE-2025-15346
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15346
6
reference_url https://github.com/advisories/GHSA-vj87-jj27-4h9c
reference_id GHSA-vj87-jj27-4h9c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vj87-jj27-4h9c
fixed_packages
0
url pkg:pypi/wolfssl@5.8.4.post0
purl pkg:pypi/wolfssl@5.8.4.post0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/wolfssl@5.8.4.post0
aliases CVE-2025-15346, GHSA-vj87-jj27-4h9c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6455-uzn2-9qhf
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/wolfssl@0.1.1