CVE-2025-11955 HIGH

CVE-2025-11955: Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise

Vendor TheGreenBow
Product TheGreenBow VPN Client Windows Enterprise
Weakness CWE-299
Published October 27, 2025
Last update October 27, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

TheGreenBow VPN, versions 7.5 and 7.6, incorrectly validates OCSP certificates. During the IKEv2 authentication step, a VPN client with OCSP enabled establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid. In both cases the revocation check fails open instead of rejecting the connection.

Key dates

02 Disclosure timeline

October 27, 2025 CVE published
October 27, 2025 Record updated