CVE-2025-11955

Summary

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.

Affected Software

VendorProductVersion RangeStatus
TheGreenBowTheGreenBow VPN Client Windows Enterprise7.5affected
TheGreenBowTheGreenBow VPN Client Windows Enterprise7.6affected

Weaknesses

  • CWE-299: CWE-299: Improper Check for Certificate Revocation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References