Home > Vulnerability Database > CVE-2025-7844

Mend.io Vulnerability Database

CVE-2025-7844

Good to know:

Date: August 4, 2025

Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default "MAX_RSA_KEY_BITS=2048" is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or importing an RSA private or public key larger than 2048 bits and your application calls "wolfTPM2_RsaKey_TpmToWolf" on that key, then a stack buffer could be overrun. If the "MAX_RSA_KEY_BITS" build-time macro is set correctly (RSA bits match what TPM hardware is capable of) for the hardware target, then a stack overrun is not possible.

Severity Score

2.2

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-7844

Url: https://github.com/wolfSSL/wolfTPM/pull/427

Url: https://www.mend.io/vulnerability-database/CVE-2025-7844

Severity Score

2.2

Weakness Type (CWE)

Stack-based Buffer Overflow

CWE-121

Top Fix

Upgrade Version

Upgrade to version https://github.com/wolfSSL/wolfTPM.git - v3.9.2

Learn More

CVSS v3.1

Base Score:	2.2
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-7844

Good to know:

Date: August 4, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?