CVE-2025-11955: CWE-299: Improper Check for Certificate Revocation in TheGreenBow TheGreenBow VPN Client Windows Enterprise
Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
AI Analysis
Technical Summary
CVE-2025-11955 is a vulnerability classified under CWE-299 (Improper Check for Certificate Revocation) affecting TheGreenBow VPN Client Windows Enterprise versions 7.5 and 7.6. The flaw arises during the IKEv2 authentication phase when the VPN client uses OCSP to verify the revocation status of certificates. Instead of enforcing strict validation, the client improperly accepts the absence of an OCSP response or an OCSP response with an invalid signature, allowing the VPN tunnel to be established regardless. This behavior undermines the security guarantees of certificate-based authentication by permitting revoked or malicious certificates to be accepted. The vulnerability has a CVSS 4.0 score of 8.2, reflecting high severity due to its network attack vector, no required privileges or user interaction, and high impact on confidentiality. Exploitation could enable attackers to gain unauthorized VPN access, potentially leading to lateral movement within corporate networks, data exfiltration, or disruption of services. Although no public exploits are known, the vulnerability's nature makes it a significant risk for organizations relying on TheGreenBow VPN for secure communications. The absence of patches at the time of disclosure necessitates immediate attention to alternative mitigations and monitoring.
Potential Impact
For European organizations, this vulnerability poses a substantial risk to the confidentiality and integrity of their internal networks. Unauthorized access via compromised or revoked certificates could allow attackers to bypass perimeter defenses, access sensitive data, and move laterally within enterprise environments. Sectors such as finance, government, healthcare, and critical infrastructure that depend on VPNs for secure remote access are particularly vulnerable. The improper OCSP validation could facilitate advanced persistent threats (APTs) or insider threats exploiting revoked credentials. Given the VPN client’s role in securing remote connections, exploitation could disrupt business continuity and erode trust in secure communications. The high CVSS score underscores the potential for severe impact if exploited, especially in environments with high-value assets or regulatory compliance requirements like GDPR.
Mitigation Recommendations
Organizations should immediately audit their use of TheGreenBow VPN Client versions 7.5 and 7.6 and restrict their deployment where possible. Until official patches are released, implement compensating controls such as enforcing strict certificate management policies, including manual revocation checks and certificate pinning where feasible. Enhance network monitoring to detect anomalous VPN connection attempts, especially those involving certificates that may be revoked or suspicious. Employ multi-factor authentication (MFA) to add an additional layer of security beyond certificate validation. Limit VPN access privileges to the minimum necessary and segment networks to reduce potential lateral movement. Engage with TheGreenBow support channels to obtain updates on patch availability and apply them promptly once released. Additionally, consider alternative VPN solutions with robust certificate validation mechanisms if immediate patching is not possible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: INCIBE
- Date Reserved: 2025-10-20T11:57:59.432Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ff59692359da13b53b5873
Added to database: 10/27/2025, 11:37:13 AM
Last enriched: 11/3/2025, 12:23:40 PM
Last updated: 12/10/2025, 9:03:51 PM