CVE-2025-15467

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 OpenSSL version 1.1.1 and 1.0.2 are not affected.

Description A flaw exists in how OpenSSL parses CMS AuthEnvelopedData messages that utilize AEAD ciphers like AES-GCM. Specifically, the Initialization Vector (IV) encoded within the ASN.1 parameters is copied into a stack buffer without sufficient length validation. An attacker can exploit this by supplying a crafted CMS message containing an oversized IV, leading to a stack-based buffer overflow. This overflow occurs before authentication, meaning no valid key material is needed for exploitation. While achieving remote code execution depends on platform and toolchain mitigations, the overflow represents a significant risk. It is estimated that over 23 million devices are potentially affected worldwide. The issue impacts applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as S/MIME AuthEnvelopedData with AES-GCM. The vulnerable code handles the

AuthEnvelopedData

structure and copies the IV into a stack buffer.

Recommendations OpenSSL versions 3.0 through 3.3 are vulnerable. OpenSSL versions 3.4 through 3.5 are vulnerable. OpenSSL version 3.6 is vulnerable.