Important wolfSSL Update: Critical Apple Trust Store Bypass & Predictable Randomness Flaws Patched

The developers of the lightweight TLS/SSL implementation wolfSSL have issued a security advisory addressing multiple vulnerabilities in the popular library used across embedded systems, IoT devices, and cloud infrastructure. The newly released version 5.8.2 mitigates four vulnerabilities—ranging from high to low severity—that could impact cryptographic integrity and secure communication.

CVE-2025-7395 (CVSSv4 9.2) – Apple Platform Trust Store Bypass

One of the most significant issues fixed in this release is a certificate verification flaw affecting Apple platforms. When WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION are enabled, Apple’s native trust store overrides critical verification failures in the wolfSSL certificate chain logic.

“This allows any trusted cert chain to override other errors detected during chain verification that should have resulted in termination of the TLS connection,” the advisory explained.

This flaw affects versions after 5.7.6 and before 5.8.2. The issue, discovered by Thomas Leong from ExpressVPN, is especially critical for non-macOS Apple devices, where the flawed validation behavior is enabled by default via autotools or CMake.

CVE-2025-7394 (CVSSv4 7.0) – Predictable Randomness Post-fork()

In the OpenSSL compatibility layer, the function RAND_poll() failed to reseed properly after a fork(), leading to potential predictability in random values returned by RAND_bytes().

Though the vulnerability does not affect wolfSSL’s internal TLS operations, applications relying on RAND_bytes() after forking could be vulnerable.

CVE-2025-7396 (CVSSv4 5.6) – Curve25519 Side-Channel Hardening

wolfSSL 5.8.0 introduced optional blinding support for Curve25519 key operations to protect against side-channel attacks. This protection is now enabled by default in 5.8.2 builds where it applies.

“While the attack would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation,” the advisory states.

Note: Blinding is only available in base C implementations and not compatible with ARM/Intel assembly builds or the small Curve25519 feature.

Fault Injection Mitigation for ECC and Ed25519

Lastly, the update introduces the –enable-faultharden option to mitigate fault injection attacks during ECC and Ed25519 verification operations. This protects cryptographic integrity for devices susceptible to physical tampering.

“The mitigation added in wolfSSL version 5.7.6 is to help harden applications relying on the results of the verify operations, such as when used with wolfBoot,” the advsiory writes.

Update Recommended

All developers and security engineers using wolfSSL versions 5.7.6 through 5.8.1—especially those building for Apple devices or using forked environments—are strongly encouraged to upgrade to version 5.8.2.

Related Posts:

• Cross Fork Object Reference (CFOR): GitHub’s New Security Vulnerability
• Over 1,200 Entities Hit by TA571’s Forked IcedID Offensive