CVE-2025-13912 LOW

CVE-2025-13912: Potential non-constant time compiled code with Clang LLVM

Vendor Wolfssl
Product wolfSSL
Weakness CWE-203
Published December 11, 2025
Last update December 11, 2025

CVSS base score

1.0/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks.

Key dates

02Disclosure timeline

December 11, 2025 CVE published
December 11, 2025 Record updated