CVE-2025-15382
Published: 06 January 2026
Summary
CVE-2025-15382 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Wolfssh Wolfssh. Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-15382 is a heap buffer over-read vulnerability in the wolfSSH_CleanPath() function within the wolfSSH library. The issue arises when processing crafted SCP path input containing '/./' sequences, leading to a one-byte heap over-read. It affects wolfSSH implementations that handle SCP operations.
An authenticated remote attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction required (UI:N). Successful exploitation results in high confidentiality (C:H) and availability (A:H) impacts, but no integrity impact (I:N), under an unchanged scope (S:U), as reflected in its CVSS v3.1 base score of 8.1. The attacker can trigger the over-read to potentially disclose sensitive heap memory contents or cause denial-of-service.
Mitigation is addressed in a patch available via the wolfSSL wolfssh GitHub pull request #859, which security practitioners should review and apply to affected versions.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-0989
Vulnerability details
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remotely exploitable heap buffer over-read in wolfSSH SCP path handling, directly enabling exploitation of a remote service (SSH/SCP) for memory disclosure or DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the vulnerability by requiring timely application of the available wolfSSL wolfssh patch for the heap buffer over-read in wolfSSH_CleanPath().
Implements memory protection safeguards such as bounds checking and heap isolation to prevent exploitation of the one-byte heap over-read triggered by crafted SCP paths.
Requires validation of SCP path inputs to reject or sanitize crafted '/./' sequences before they reach the vulnerable wolfSSH_CleanPath() function.