CVE-2025-15469

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.5 and 3.6

Description The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. This can lead a user to believe an entire file is authenticated when trailing data beyond 16MB remains unauthenticated. The issue affects only the command-line tool behavior and does not impact verifiers that process the full message using library APIs. Streaming digest algorithms for 'openssl dgst' and library users are also unaffected. The issue occurs when using one-shot signing algorithms such as Ed25519, Ed448, or ML-DSA. The tool truncates the input to the first 16MB and continues without signaling an error, creating an integrity gap where trailing bytes can be modified without detection if both signing and verification are performed using the same affected codepath.

Recommendations OpenSSL version 3.5: Avoid signing or verifying files larger than 16MB with one-shot signing algorithms using the 'openssl dgst' command-line tool. OpenSSL version 3.6: Avoid signing or verifying files larger than 16MB with one-shot signing algorithms using the 'openssl dgst' command-line tool.