PT-2025-39986 · OpenSSL +12
Stanislav Fort +1 · Published 2025-09-30 · Updated 2026-03-10 · CVE-2025-9230

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
OpenSSL versions prior to 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm.
Description:
OpenSSL contains vulnerabilities due to out-of-bounds read and write issues. Specifically, an out-of-bounds read and write can occur when decrypting CMS messages encrypted using password-based encryption, potentially leading to a crash or memory corruption. Additionally, an out-of-bounds read can occur in the HTTP client API functions when the 'no proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. The FIPS modules in OpenSSL versions 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected.
Recommendations:
Upgrade OpenSSL to version 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, or 1.0.2zm to address these vulnerabilities.

Fix · DoS · RCE · Out of bounds Read · Memory Corruption

Related Identifiers

ALSA-2025:21248
ALSA-2025:21255
ALSA-2026:0337
ALSA-2026:2776
ALT-PU-2025-12545
AZL-67980
AZL-67997
AZL-68082
AZL-78576
BDU:2025-12885
CVE-2025-9230
DLA-4321-1
DSA-6015-1
ECHO-0E8B-E5B4-4661
FREEBSD-SA-25_08
INFSA-2025_21255
MGASA-2025-0241
MGASA-2025-0244
OESA-2025-2485
OESA-2025-2486
OESA-2025-2487
OESA-2025-2488
OESA-2025-2489
OESA-2025-2490
OESA-2025-2502
OESA-2025-2503
OESA-2025-2504
OESA-2025-2505
OESA-2025-2506
OESA-2025-2612
OPENSUSE-SU-2025:15723-1
OPENSUSE-SU-2025:20164-1
OPENSUSE-SU-2026:10237-1
OPENSUSE-SU-2026:20673-1
RHSA-2025:21174
RHSA-2025:21248
RHSA-2025:21255
RHSA-2025:21562
RHSA-2025:22794
RHSA-2025_21255
RHSA-2026:0337
RHSA-2026:0602
RHSA-2026:0714
RHSA-2026:0794
RHSA-2026:0887
RHSA-2026:1349
RHSA-2026:1475
RHSA-2026:1720
RHSA-2026:18320
RHSA-2026:2771
RHSA-2026:2776
RHSA-2026:2994
RHSA-2026:3164
RHSA-2026:7261
SUSE-SU-2025:03437-1
SUSE-SU-2025:03438-1
SUSE-SU-2025:03439-1
SUSE-SU-2025:03440-1
SUSE-SU-2025:03441-1
SUSE-SU-2025:03442-1
SUSE-SU-2025:03443-1
SUSE-SU-2025:03463-1
SUSE-SU-2025:03464-1
SUSE-SU-2025:03522-1
SUSE-SU-2025:03523-1
SUSE-SU-2025:03546-1
SUSE-SU-2025:03586-1
SUSE-SU-2025:03630-1
SUSE-SU-2025:03632-1
SUSE-SU-2025:03635-1
SUSE-SU-2025:20867-1
SUSE-SU-2025:20896-1
SUSE-SU-2025:20910-1
SUSE-SU-2025:21213-1
SUSE-SU-2025:21224-1
SUSE-SU-2025:3758-1
SUSE-SU-2025:3917-1
SUSE-SU-2025:4126-1
SUSE-SU-2025_03437-1
SUSE-SU-2025_03438-1
SUSE-SU-2025_03439-1
SUSE-SU-2025_03440-1
SUSE-SU-2025_03441-1
SUSE-SU-2025_03442-1
SUSE-SU-2025_03443-1
SUSE-SU-2025_03463-1
SUSE-SU-2025_03464-1
SUSE-SU-2025_03546-1
SUSE-SU-2025_03630-1
SUSE-SU-2025_03635-1
SUSE-SU-2025_4126-1
SUSE-SU-2026:20542-1
SUSE-SU-2026:20607-1
SUSE-SU-2026:21544-1
USN-7786-1

Affected Products

ALT Linux
AlmaLinux
Debian
FreeBSD
IBM AIX
Linux Mint
MySQL Server
OpenSSL
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu