SecuriTricks - CVE-2025-11955

Description

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.

Product(s) Impacted

Vendor	Product	Versions
Thegreenbow	Vpn	7.5, 7.6

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-299

Improper Check for Certificate Revocation

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	thegreenbow	vpn	7.5	/	/	/	/	/	/	/
a	thegreenbow	vpn	7.6	/	/	/	/	/	/	/

References

https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-validation-ocsp-certificates-thegreenbow-vpn-client-windows

https://www.thegreenbow.com/en/support/security-alerts/

CVSS Score

8.2 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: HIGH
Attack Requirements: PRESENT
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Oct. 27, 2025, 12:15 p.m.
Last Modified: Oct. 27, 2025, 1:19 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-coordination@incibe.es

CVE-2025-11955