Unrated severityOSV Advisory· Published Jan 6, 2026· Updated Jan 6, 2026

Client SCP Request Triggers Buffer Overread by 1 Byte

CVE-2025-15382

Description

A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.

Affected products

WolfSSL/WolfsshOSV
Range: v1.4.12-stable, v1.4.13-stable, v1.4.14-stable, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wolfSSL/wolfssh/pull/859mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000