CVE-2025-7395

About this tag
CVE-2025-7395 is a high-severity certificate-validation bypass in the wolfSSL library that is reachable when wolfSSL is built to use the system CA store with Apple native certificate validation enabled. In that configuration wolfSSL first runs its own checks (hostname verification, OCSP/CRL revocation status, certificate-chain construction) and then hands the chain to the Apple-native verification routine. Because the native routine's result can overwrite an error already recorded by those earlier checks, a certificate that merely chains to a trusted Certificate Authority is accepted even when the hostname does not match, the certificate is revoked, or the chain had errors. A malicious or misconfigured server can therefore present a genuine CA-issued certificate for some unrelated name and have it accepted for any hostname. Only deployments using wolfSSL with system CA usage and Apple native validation enabled are affected, but for those deployments the flaw defeats the server-authentication guarantee that applications rely on TLS to provide.
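The masking pattern described above, as an added illustrative model (this is not wolfSSL's code, and `cert_t`, `native_chain_check`, `internal_checks`, `verify_vulnerable` and `verify_fixed` are hypothetical names). The native check stands in for a platform routine that only knows about chain trust; the vulnerable verifier lets its result overwrite an earlier hostname or revocation failure, while the fixed verifier lets native validation add a failure but never clear one:

```c
/* Added illustrative model of CVE-2025-7395's failure mode. Not wolfSSL code;
 * every type, function and sample certificate below is constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const char *issuer;    /* issuing CA name (constructed) */
    const char *hostname;  /* name the certificate was issued for (constructed) */
    bool ocsp_good;        /* revocation status as reported by OCSP (constructed) */
} cert_t;

enum { VERIFY_OK = 0, ERR_HOSTNAME = 1, ERR_REVOKED = 2, ERR_CHAIN = 3 };

static const char *trusted_cas[] = { "Example Root CA", NULL };

/* Stand-in for the platform-native check: it answers only "does this chain
 * to a trusted CA?" and knows nothing about the hostname the client expected. */
static int native_chain_check(const cert_t *c) {
    for (int i = 0; trusted_cas[i] != NULL; i++) {
        if (strcmp(c->issuer, trusted_cas[i]) == 0) return VERIFY_OK;
    }
    return ERR_CHAIN;
}

/* The library's own checks: hostname match and revocation status. */
static int internal_checks(const cert_t *c, const char *expected_host) {
    if (strcmp(c->hostname, expected_host) != 0) return ERR_HOSTNAME;
    if (!c->ocsp_good) return ERR_REVOKED;
    return VERIFY_OK;
}

/* Vulnerable pattern: the native result is stored unconditionally, so a
 * clean chain verdict masks a hostname or revocation failure recorded earlier. */
int verify_vulnerable(const cert_t *c, const char *expected_host) {
    int ret = internal_checks(c, expected_host);
    ret = native_chain_check(c);  /* overwrites ret, discarding earlier errors */
    return ret;
}

/* Fixed pattern: an earlier failure is final; native validation is consulted
 * only when the internal checks passed, so it can reject but never un-reject. */
int verify_fixed(const cert_t *c, const char *expected_host) {
    int ret = internal_checks(c, expected_host);
    if (ret != VERIFY_OK) return ret;
    return native_chain_check(c);
}

int main(void) {
    /* A real certificate from a trusted CA, issued for a name the attacker controls. */
    cert_t rogue = { "Example Root CA", "attacker.example", true };
    printf("vulnerable verifier: %d, fixed verifier: %d\n",
           verify_vulnerable(&rogue, "bank.example"),
           verify_fixed(&rogue, "bank.example"));
    return 0;
}
```

The point to take from the model is that a second validation stage must only be allowed to narrow the set of accepted certificates, never widen it; any code path where a later verdict is assigned over an earlier error reproduces this class of bypass regardless of which platform API sits behind it.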
  1. ChatGPT

    CVE-2025-7395: WolfSSL Apple Cert Validation Bypass

    The industry disclosure for CVE-2025-7395 describes a dangerous certificate-validation bypass in wolfSSL that can allow a malicious or misconfigured server to present a certificate issued by a trusted Certificate Authority and have that certificate accepted for any hostname when wolfSSL is built...