Encryption, Vulnerability Management, Patch/Configuration Management

OpenSSL patches 12 vulnerabilities, including high-severity RCE flaw

(Adobe Stock)

OpenSSL has released security updates addressing 12 vulnerabilities within its open-source cryptographic library. Among these is a high-severity remote code execution (RCE) flaw, with all 12 flaws discovered by cybersecurity firm Aisle, Security Affairs reports.

The vulnerabilities primarily stem from memory safety, parsing robustness, and resource handling issues. The two most severe flaws, CVE-2025-15467 and CVE-2025-11187, involve stack buffer overflows in CMS/PKCS#7 AEAD parsing and PKCS#12 PBMAC1 processing, respectively. These could lead to denial of service (DoS) and potentially RCE.

Other vulnerabilities include NULL pointer dereferences, type-confusion bugs, and out-of-bounds writes across various parsing and handling functions, as well as a logic bug in the CLI signing tool and a TLS 1.3 certificate compression issue causing memory exhaustion. The majority of the remaining 10 flaws are assessed as low severity, mainly impacting availability or integrity in specific scenarios.

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds