Vulnerability in Thegreenbow Vpn Client Windows Enterprise

CVE-2025-11955

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if t…

EPSS: 0.000 (7.7th percentile) — read the EPSS interpretation.

Affected products

Thegreenbow Vpn Client Windows Enterprise — versions 7.5, 7.6

Weakness classification (CWE)

CWE-299 — Improper Check for Certificate Revocation

References

www.incibe.es/en/incibe-cert/notices/aviso/incorrect-validation-ocsp-certificat…
www.thegreenbow.com/en/support/security-alerts/ (vendor-advisory, patch)