CVE-2025-15467

CVSS v2.0

Critical

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 OpenSSL versions 3.0.19, 3.3.6, 3.4.4, 3.5.5, and 3.6.1 are not affected. OpenSSL 1.1.1 and 1.0.2 are not affected.

Description OpenSSL is vulnerable to a stack buffer overflow in the parsing of CMS AuthEnvelopedData messages with maliciously crafted AEAD parameters. An attacker can supply a crafted CMS message with an oversized Initialization Vector (IV) to trigger a stack-based out-of-bounds write before authentication or tag verification occurs. This vulnerability can lead to a denial of service (DoS) or potentially remote code execution (RCE). The FIPS modules in versions 3.6, 3.5, 3.4, 3.3, and 3.0 are not affected.

Recommendations Update OpenSSL to version 3.0.19, 3.3.6, 3.4.4, 3.5.5, or 3.6.1.

Exploit

Fix

DoS

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2026:1472

ALSA-2026:1473

BDU:2026-00890

CVE-2025-15467

ECHO-DECB-8594-A95C

MGASA-2026-0029

OESA-2026-1310

OESA-2026-1311

OESA-2026-1312

OPENSUSE-SU-2026:10237-1

OPENSUSE-SU-2026:20152-1

RHSA-2026:1472

RHSA-2026:1473

RHSA-2026:1496

RHSA-2026:1503

RHSA-2026:1519

RHSA-2026:1594

RHSA-2026:1733

SUSE-SU-2026:0309-1

SUSE-SU-2026:0310-1

SUSE-SU-2026:0311-1

SUSE-SU-2026:0312-1

SUSE-SU-2026:20211-1

SUSE-SU-2026:20223-1

SUSE-SU-2026:20349-1

SUSE-SU-2026:20373-1

SUSE-SU-2026:20542-1

SUSE-SU-2026:20607-1

USN-7980-1

Affected Products

Freebsd

Ibm Aix

Linuxmint

Openssl 3.0

Openssl 3.1

Openssl 3.2

Openssl 3.3

Openssl 3.4

Openssl 3.5

Openssl 3.6

Openssl

Rocky Linux

Ubuntu

CVE-2025-15467

Weakness Enumeration

Related Identifiers

Affected Products

References · 189