Updates have been released by the OpenSSL Project to fix three vulnerabilities in the open-source SSL/TLS toolkit, Security Affairs reports.

The first issue is a medium-severity out-of-bounds read/write flaw, tracked as CVE-2025-9230, that could be leveraged to enable denial-of-service and code execution, according to the OpenSSL Project, which noted the low likelihood of exploitation.

Another medium-severity bug, tracked as CVE-2025-9231, introduces a timing side channel that could allow threat actors to recover private keys. Meanwhile, attackers could harness the low-severity defect, tracked as CVE-2025-9232, to cause DoS.

Immediate upgrading to OpenSSL Library versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, and 1.1.1zd has been recommended to remediate the issues.

The development comes months after the OpenSSL Project patched a high-severity bug in the secure communications library, tracked as CVE-2024-12797. OpenSSL was noted to have substantially bolstered its cybersecurity measures since the emergence of the Heartbleed security flaw.
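One way to check a host against the fixed releases listed above, as an added example that is not from the OpenSSL Project or the original report: it parses the banner printed by `openssl version` and compares it with the fixed release for its branch. The function names and sample banners are constructed for illustration.

```python
import re

# Fixed releases per branch, exactly as listed in the article.
FIXED = {
    "3.5": "3.5.4", "3.4": "3.4.3", "3.3": "3.3.5", "3.2": "3.2.6",
    "3.0": "3.0.18", "1.1.1": "1.1.1zd", "1.0.2": "1.0.2zm",
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse(version):
    """Return (major, minor, patch, letters) from a version or banner string."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"no OpenSSL version found in {version!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    return major, minor, patch, m.group(4)


def sort_key(version):
    major, minor, patch, letters = parse(version)
    # 1.x letter releases run a..z, then za, zb, ...: order by length, then text.
    return (major, minor, patch, len(letters), letters)


def branch_of(version):
    major, minor, patch, _ = parse(version)
    # 3.x branches are major.minor; 1.x branches are major.minor.patch.
    return f"{major}.{minor}" if major >= 3 else f"{major}.{minor}.{patch}"


def assess(banner):
    """Classify a banner as 'patched', 'needs-update', or 'unlisted-branch'."""
    fixed = FIXED.get(branch_of(banner))
    if fixed is None:
        return "unlisted-branch"  # branch has no fixed release in the article
    return "patched" if sort_key(banner) >= sort_key(fixed) else "needs-update"


if __name__ == "__main__":
    # Constructed sample banners in the format printed by `openssl version`.
    for banner in ("OpenSSL 3.0.13 30 Jan 2024", "OpenSSL 3.5.4",
                   "OpenSSL 1.1.1w  11 Sep 2023", "OpenSSL 3.1.4"):
        print(f"{banner:32} -> {assess(banner)}")
```

Distribution packages often backport security fixes without changing the upstream version string, so a `needs-update` result on a vendor build should be confirmed against that vendor's advisory.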




