Incorrect validation of OCSP certificates
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2025-006 | CVE-2025-11955 | 10/02/2025 | high | v1 |
Vulnerability details
Incorrect validation of OCSP certificates vulnerability in Stormshield VPN Client Exclusive v 7.5.109. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
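The fail-open behaviour described above, set beside a fail-closed check, as an added example that is not Stormshield or TheGreenBow code. `OcspResult` and both functions are hypothetical models of an already-parsed OCSP response, the sample cases are constructed, and the freshness and status checks in the fail-closed version go beyond the two conditions the advisory names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

@dataclass
class OcspResult:            # hypothetical model of a parsed OCSP response
    signature_valid: bool    # signature verified against an authorized responder
    cert_status: str         # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: datetime

def soft_fail_allows(resp: Optional[OcspResult]) -> bool:
    """Fail-open model: a missing or unverifiable answer is treated as success."""
    if resp is None or not resp.signature_valid:
        return True          # the two conditions named in the advisory
    return resp.cert_status == "good"

def hard_fail_allows(resp: Optional[OcspResult], now: datetime) -> Tuple[bool, str]:
    """Fail-closed: only a fresh, verified 'good' answer lets the tunnel come up."""
    if resp is None:
        return False, "no OCSP response"
    if not resp.signature_valid:
        return False, "invalid OCSP signature"
    if not (resp.this_update <= now <= resp.next_update):
        return False, "OCSP response outside validity window"
    if resp.cert_status != "good":
        return False, "certificate status is " + resp.cert_status
    return True, "ok"

# Constructed sample inputs (not taken from the advisory)
NOW = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)

def make_resp(sig_ok, status, age_h=1, ttl_h=24):
    start = NOW - timedelta(hours=age_h)
    return OcspResult(sig_ok, status, start, start + timedelta(hours=ttl_h))

CASES = {
    "missing": None,
    "bad_signature": make_resp(False, "good"),
    "stale": make_resp(True, "good", age_h=48),
    "unknown": make_resp(True, "unknown"),
    "revoked": make_resp(True, "revoked"),
    "good": make_resp(True, "good"),
}

def compare():
    """Map each case to (fail-open decision, fail-closed decision)."""
    return {n: (soft_fail_allows(r), hard_fail_allows(r, NOW)[0]) for n, r in CASES.items()}

if __name__ == "__main__":
    for name, (soft, hard) in compare().items():
        print(f"{name:14} fail-open={soft!s:5} fail-closed={hard}")
```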
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Network VPN Client | high | Impacted |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 11/27/2025 | Initial release |

Stormshield Network VPN Client
CVSS v3.1 Overall Score: 8.1
| Analysis | Impacted version |
|---|---|
| During the IKEv2 authentication step, the VPN client with OCSP enabled establishes the tunnel even if it doesn’t receive an OCSP response or if the OCSP response signature is invalid. We recommend not using this feature, or disabling it, to avoid security vulnerabilities. Using a CRL remains the most secure way to revoke a gateway. | |
| Workaround solution | Solution |
|---|---|
| Avoid using the OCSP feature or disable it. | As a reminder, Stormshield no longer provides new versions of VPN Client Exclusive above 7.5. Please contact TheGreenBow (support@thegreenbow.com) to get new versions. The feature will be removed in the next minor version (version 7.7), provided only by TheGreenBow. It will be reintroduced properly in the next major version provided by TheGreenBow. |
| Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability impact |
|---|---|---|---|---|---|---|---|
| Network | Low | High | None | Changed | High | None | None |
| CVSS Base score: 6.8 | CVSS Vector: (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N) |
| Exploit Code Maturity | Remediation Level | Report Confidence |
|---|---|---|
| Proof of concept code | Unavailable | Reasonable |
| CVSS Temporal score: 6.2 | CVSS Vector: (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:R) |
| Attack Vector (MAV) | Attack Complexity (MAC) | Privileges Required (MPR) | User Interaction (MUI) | Scope (MS) |
|---|---|---|---|---|
| Network | Low | High | None | Changed |
| Confidentiality Impact (MC) | Integrity Impact (MI) | Availability Impact (MA) |
|---|---|---|
| High | None | None |
| Confidentiality Requirement (CR) | Integrity Requirement (IR) | Availability Requirement (AR) |
|---|---|---|
| High | Low | Low |
| CVSS Environmental score: 8.1 | CVSS Vector: (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:P/RL:U/RC:R/CR:H/IR:L/AR:L/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X) |

