PT-2026-4940 · Openssl+4
Hamza +3 · Published 2025-01-01 · Updated 2026-03-10 · CVE-2025-11187
CVSS v3.1: 6.1 Medium | AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 3.4.0 through 3.6.0
Description
The vulnerability relates to improper validation of PBMAC1 parameters within PKCS#12 files. Specifically, the PBKDF2 salt and keylength parameters are used without sufficient validation during MAC verification. If the keylength value exceeds the size of a fixed stack buffer (64 bytes), a stack-based buffer overflow can occur. Additionally, if the salt parameter is not an OCTET STRING type, it can lead to an invalid or NULL pointer dereference.
Exploitation requires processing a maliciously crafted PKCS#12 file. This can result in a denial of service (DoS) due to application crashes, and potentially enable code execution depending on platform mitigations. The FIPS modules in versions 3.6, 3.5, and 3.4 are not affected, as PKCS#12 processing falls outside the FIPS module boundary. The vulnerability is triggered when verifying a PKCS#12 file that uses PBMAC1 for the MAC. Attackers can deliver a malicious .p12/.pfx file to systems that import or validate PKCS#12 files from external sources.
Recommendations
Upgrade to OpenSSL version 3.4.1, 3.5.1, or 3.6.1 or later.
Restrict or disable PKCS#12 import/upload features where feasible.
Add strict validation controls, including file size limits and content-type enforcement.
Isolate PKCS#12 parsing into a sandboxed or helper process.
Monitor for crashes or segmentation faults in certificate-handling components and OpenSSL error patterns related to PKCS#12 verification.
Identify all services that parse .p12/.pfx files.
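The two conditions named in the description (a PBKDF2 keylength above the 64-byte buffer, a salt that is not an OCTET STRING) can be screened for before an uploaded file reaches OpenSSL. The Python below is an added example, not code from this advisory or from OpenSSL; the function names, the minimal DER walker and the constructed sample are assumptions, and the field layout follows RFC 7292 (PFX, MacData) and RFC 9579 (PBMAC1 in PKCS#12).

```python
PBMAC1 = bytes.fromhex("2a864886f70d01050e")   # OID 1.2.840.113549.1.5.14
PBKDF2 = bytes.fromhex("2a864886f70d01050c")   # OID 1.2.840.113549.1.5.12
MAX_KEYLEN = 64                                # fixed stack buffer size given in the advisory

def tlvs(buf):  # split buf into (tag, value) DER elements; definite lengths only
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                           # long form: next k bytes hold the length
            k = n & 0x7F
            if not 1 <= k <= 4:
                raise ValueError("indefinite or oversized length")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated element")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def pbmac1_findings(p12):  # reasons to reject p12 (bytes); [] means nothing was flagged
    try:
        pfx = tlvs(tlvs(p12)[0][1])            # version, authSafe, [macData]
        if len(pfx) < 3:
            return []                          # no MAC present
        alg = tlvs(tlvs(tlvs(pfx[2][1])[0][1])[0][1])  # MacData -> DigestInfo -> AlgorithmIdentifier
        if alg[0][1] != PBMAC1:
            return []                          # MAC does not use PBMAC1
        kdf = tlvs(tlvs(alg[1][1])[0][1])      # PBMAC1-params -> keyDerivationFunc
        if kdf[0][1] != PBKDF2:
            return ["key derivation function is not PBKDF2"]
        params = tlvs(kdf[1][1])               # salt, iterationCount, [keyLength], [prf]
    except (IndexError, ValueError):
        return ["malformed DER"]
    found = [] if params and params[0][0] == 0x04 else ["salt is not an OCTET STRING"]
    if len(params) > 2 and params[2][0] == 0x02:   # an absent keyLength is not flagged here
        keylen = int.from_bytes(params[2][1], "big", signed=True)
        if not 0 < keylen <= MAX_KEYLEN:
            found.append(f"keyLength {keylen} outside 1..{MAX_KEYLEN}")
    return found

def der(tag, *parts):  # encoder for the constructed sample only (bodies under 128 bytes)
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample_pfx(keylen, salt_tag=0x04):  # constructed skeleton, empty authSafe, not a loadable PKCS#12
    klen = keylen.to_bytes(keylen.bit_length() // 8 + 1, "big")
    kdf = der(0x30, der(0x06, PBKDF2), der(0x30, der(salt_tag, b"saltsalt"),
              der(0x02, b"\x08\x00"), der(0x02, klen)))
    mac = der(0x30, der(0x30, der(0x06, PBMAC1), der(0x30, kdf)), der(0x04, bytes(32)))
    return der(0x30, der(0x02, b"\x03"), der(0x30), der(0x30, mac, der(0x04, b"NOT USED")))
```

A non-empty result from `pbmac1_findings` is a reason to refuse the file in the upload or import path, alongside the size and content-type limits listed above.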
Exploit
Fix
DoS
RCE
Memory Corruption
NULL Pointer Dereference
Affected Products
Freebsd
Linuxmint
Openssl
Rocky Linux
Ubuntu