CVE-2025-7844: CWE-121 in wolfSSL Inc. wolfTPM

Severity: Low
Published: Mon Aug 04 2025 (08/04/2025, 21:35:04 UTC)
Source: CVE Database V5
Vendor/Project: wolfSSL Inc.
Product: wolfTPM

Description

Exporting a TPM-based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bits, your application supports creating or importing an RSA private or public key larger than 2048 bits, and your application calls `wolfTPM2_RsaKey_TpmToWolf` on that key, then a stack buffer could be overrun. If the `MAX_RSA_KEY_BITS` build-time macro is set correctly for the hardware target (RSA bits match what the TPM hardware is capable of), then a stack overrun is not possible.

AI-Powered Analysis

Last updated: 08/12/2025, 01:06:43 UTC

Technical Analysis

CVE-2025-7844 is a stack-based buffer overflow in wolfSSL Inc.'s wolfTPM library. It arises when an RSA key larger than 2048 bits is exported from the TPM while the build-time macro `MAX_RSA_KEY_BITS` is left at its default of 2048. Specifically, if the TPM 2.0 hardware supports RSA keys larger than 2048 bits and the application creates or imports RSA keys exceeding this size, invoking `wolfTPM2_RsaKey_TpmToWolf` on such a key can overrun a stack buffer. This occurs because the buffer allocated for the RSA key data is sized from the default `MAX_RSA_KEY_BITS` value, which is insufficient for keys larger than 2048 bits. The overflow could overwrite adjacent stack memory, leading to undefined behavior, including application crashes or memory corruption.

If the `MAX_RSA_KEY_BITS` macro is configured at build time to match the maximum RSA key size supported by the TPM hardware, the overflow condition is prevented.

The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow). The CVSS v4.0 score assigned is 1.0 (low severity), reflecting the requirement for local access (attack vector: physical or local), high attack complexity, and partial attack prerequisites. No known exploits are reported in the wild, and no patches are currently linked. The vulnerability primarily affects applications that use wolfTPM with TPM 2.0 modules capable of handling RSA keys larger than 2048 bits and that have not adjusted the `MAX_RSA_KEY_BITS` macro accordingly.
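The size check whose absence produces this class of overrun, as an added illustration in C (not wolfTPM's source code). The struct, function names and return codes are hypothetical stand-ins; only `MAX_RSA_KEY_BITS` and its default of 2048 come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef MAX_RSA_KEY_BITS
#define MAX_RSA_KEY_BITS 2048            /* default named in the advisory */
#endif
#define MAX_RSA_KEY_BYTES (MAX_RSA_KEY_BITS / 8)

/* Hypothetical stand-in for the RSA public area a TPM hands back. */
typedef struct {
    uint16_t key_bits;                   /* size reported by the device */
    uint16_t modulus_len;                /* bytes used in modulus[] */
    uint8_t  modulus[512];               /* holds up to RSA-4096 */
} tpm_rsa_public_t;

enum { EXPORT_OK = 0, EXPORT_BAD_ARG = -1, EXPORT_KEY_TOO_LARGE = -2 };

/* Copies the modulus through a stack buffer sized at build time. */
int export_rsa_modulus(const tpm_rsa_public_t *pub, uint8_t *out, size_t out_cap)
{
    uint8_t n[MAX_RSA_KEY_BYTES];

    if (pub == NULL || out == NULL || pub->modulus_len > sizeof(pub->modulus))
        return EXPORT_BAD_ARG;
    /* The guard: compare device-reported sizes with the compile-time
     * ceiling. Without it, the memcpy into n[] runs past the buffer for
     * any key wider than MAX_RSA_KEY_BITS. */
    if (pub->key_bits > MAX_RSA_KEY_BITS || pub->modulus_len > sizeof(n))
        return EXPORT_KEY_TOO_LARGE;
    if (pub->modulus_len > out_cap)
        return EXPORT_BAD_ARG;
    memcpy(n, pub->modulus, pub->modulus_len);
    memcpy(out, n, pub->modulus_len);
    return EXPORT_OK;
}

/* Builds a constructed key of the given width and tries to export it. */
int try_export(unsigned bits)
{
    tpm_rsa_public_t pub = { (uint16_t)bits, (uint16_t)(bits / 8), { 0 } };
    uint8_t out[512];
    return export_rsa_modulus(&pub, out, sizeof(out));
}

int main(void)
{
    printf("2048: %d, 3072: %d, 4096: %d\n",
           try_export(2048), try_export(3072), try_export(4096));
    return 0;
}
```

Compiling with `-DMAX_RSA_KEY_BITS=4096` widens the stack buffer, and the same 3072-bit and 4096-bit inputs are then accepted.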

Potential Impact

For European organizations, the impact of this vulnerability is generally low but context-dependent. Organizations utilizing TPM 2.0 hardware with support for RSA keys larger than 2048 bits in conjunction with wolfTPM-based applications could experience application instability or crashes if the vulnerability is triggered. While the buffer overflow could theoretically be exploited to execute arbitrary code or cause denial of service, the low CVSS score and high attack complexity suggest limited practical exploitation potential. Confidentiality, integrity, and availability impacts are minimal under typical conditions, especially since exploitation requires local access and specific application configurations. However, organizations relying on TPM for critical cryptographic operations, such as secure key storage or attestation in sensitive environments (e.g., government, finance, or critical infrastructure), should consider the risk of potential service disruption or security bypasses if the vulnerability is exploited. The lack of known exploits reduces immediate threat levels, but the vulnerability highlights the importance of correct configuration and build-time parameterization in cryptographic libraries. Overall, the threat is more operationally disruptive than a direct vector for widespread compromise.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Review and verify the build-time configuration of wolfTPM, ensuring that the `MAX_RSA_KEY_BITS` macro is set to match the maximum RSA key size supported by their TPM 2.0 hardware. This prevents buffer overruns by allocating sufficient stack space.
2) Audit applications that use wolfTPM to confirm they do not create or import RSA keys larger than 2048 bits unless the build configuration supports it.
3) Implement strict code review and testing procedures for cryptographic modules to detect and prevent buffer overflow conditions.
4) Monitor vendor communications for patches or updates from wolfSSL Inc. and apply them promptly once available.
5) Limit local access to systems running vulnerable wolfTPM versions to trusted personnel only, reducing the risk of exploitation.
6) Employ runtime protections such as stack canaries, address space layout randomization (ASLR), and control flow integrity (CFI) to mitigate the impact of potential buffer overflows.
7) Consider using alternative TPM middleware or updated wolfTPM versions that explicitly address this vulnerability if available.

Technical Details

Data Version: 5.1
Assigner Short Name: wolfSSL
Date Reserved: 2025-07-18T20:01:35.602Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68912a7dad5a09ad00e3496b

Added to database: 8/4/2025, 9:47:41 PM

Last enriched: 8/12/2025, 1:06:43 AM

Last updated: 9/15/2025, 5:42:25 PM
