OpenSSL has released security updates addressing 12 vulnerabilities within its open-source cryptographic library. Among these is a high-severity remote code execution (RCE) flaw, with all 12 flaws discovered by cybersecurity firm Aisle, Security Affairs reports.The vulnerabilities primarily stem from memory safety, parsing robustness, and resource handling issues. The two most severe flaws, CVE-2025-15467 and CVE-2025-11187, involve stack buffer overflows in CMS/PKCS#7 AEAD parsing and PKCS#12 PBMAC1 processing, respectively. These could lead to denial of service (DoS) and potentially RCE.Other vulnerabilities include NULL pointer dereferences, type-confusion bugs, and out-of-bounds writes across various parsing and handling functions, as well as a logic bug in the CLI signing tool and a TLS 1.3 certificate compression issue causing memory exhaustion. The majority of the remaining 10 flaws are assessed as low severity, mainly impacting availability or integrity in specific scenarios.Source: Security Affairs
Encryption, Vulnerability Management, Patch/Configuration Management
OpenSSL patches 12 vulnerabilities, including high-severity RCE flaw

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


