CVE-2025-11955
CVE-2025-11955 is a high-severity vulnerability with a CVSS 4.0 base score of 8.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-299.
Key facts
- Severity: High (CVSS 4.0 base score 8.2)
- EPSS exploit prediction: 0% (17th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-36160
- Weakness: CWE-299
- Published:
- Last modified:
Description
Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
Frequently asked questions
- What is CVE-2025-11955?
- Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
- How severe is CVE-2025-11955?
- CVE-2025-11955 has a CVSS 4.0 base score of 8.2, rated high severity.
- Is CVE-2025-11955 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (17th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-11955?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-11955 have an EU (EUVD) identifier?
- Yes. CVE-2025-11955 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-36160.
- When was CVE-2025-11955 published?
- CVE-2025-11955 was published on 2025-10-27 and last updated on 2026-06-17.
References
- https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-validation-ocsp-certificates-thegreenbow-vpn-client-windows
- https://www.thegreenbow.com/en/support/security-alerts/
Other CWE-299 vulnerabilities
- CVE-2025-3085 — High (CVSS 8.1): A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails…
- CVE-2026-4428 — High (CVSS 7.4): A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly…
- CVE-2020-16228 — Medium (CVSS 6.4): In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01,…
- CVE-2026-6899 — Medium (CVSS 5.6): Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in…
- CVE-2025-36057 — Medium (CVSS 5.2): IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local…
- CVE-2024-56138 — Medium (CVSS 4.0): notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project…