Stormshield VPN Client Vulnerability Allows Security Policy Bypass

A vulnerability in Stormshield Network VPN Client version 7.5.109 enables attackers to bypass security policies, according to the CERT-FR advisory issued on December 1, 2025. The issue, identified as CVE-2025-11955, was first reported in Stormshield's security bulletin 2025-006 on November 27, 2025.

The vulnerability allows an attacker to circumvent security controls within the VPN client and bypass network security policies, potentially exposing sensitive data or enabling further attacks.

Administrators of systems running the affected version should consult the vendor's security bulletin for patches and updates, and are urged to apply the available patches immediately to mitigate the risk. Further details and remediation steps are available in the Stormshield advisory at https://advisories.stormshield.eu/2025-006 and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-11955.

Summary of content from https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1053/

Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.

