CVE-2025-15467

Published Jan 27, 2026

Last updated a day ago

OpenSSL
CMS AuthEnvelopedData

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15467 is a stack buffer overflow vulnerability found in OpenSSL, specifically within its parsing of CMS AuthEnvelopedData. This flaw arises when OpenSSL processes Cryptographic Message Syntax (CMS) structures that utilize Authenticated Encryption with Associated Data (AEAD) ciphers, such as AES-GCM. The library fails to adequately verify that the length of the Initialization Vector (IV) fits into a fixed-size stack buffer. An attacker can exploit this vulnerability by sending a specially crafted CMS message containing an oversized IV. This can lead to a crash, resulting in a Denial of Service (DoS), or potentially enable remote code execution. The overflow occurs prior to any authentication or tag verification, meaning that no valid key material is required to trigger the issue. This vulnerability impacts OpenSSL versions 3.0 through 3.6.

Description
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Source
openssl-security@openssl.org
NVD status
Received

Weaknesses

openssl-security@openssl.org
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

35

  1. OpenSSL January 2026 update addresses multiple vulnerabilities across versions 1.0.2, 1.1.1, and 3.x. Critical CVE-2025-15467 involves CMS AuthEnvelopedData AEAD parsing buffer overflow enabling potential RCE. #OpenSSL #BufferOverflow #USA https://t.co/Acg5RJ87Y1

    @TweetThreatNews

    28 Jan 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Vulnerabilidad en OpenSSL ❗ CVE-2025-15467 ➡️ Más info: https://t.co/vQDGNf1dbc https://t.co/0TgzkvUQNR

    @CERTpy

    28 Jan 2026

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Vulnerabilidad CVE-2025-15467 OpenSSL | Desbordamiento del búfer de pila en el análisis de CMS AuthEnvelopedData #OpenSSL #CVE_2025_15467 #BufferOverflow https://t.co/ZnQbWnsPTd https://t.co/os6VniHzBE

    @_Ninhack

    28 Jan 2026

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CYBERDUDEBIVASH® Releases CMS IV Scanner to Mitigate CVE-2025-15467 and Related OpenSSL CMS IV Exploitation Risks Read the report below & grab the scanner now - https://t.co/VOGGzeuJwC https://t.co/b34Ldt0b3l

    @cyberbivash

    28 Jan 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. OpenSSL Security Advisory 27th January 2026 https://t.co/FJSrYGvNwy 12 CVEs, 2 stack-based buffer overflows CVE-2025-15467 Stack buffer overflow in CMS AuthEnvelopedData parsing (High) CVE-2025-11187 Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (Moderate)

    @oss_security

    28 Jan 2026

    1186 Impressions

    4 Retweets

    11 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-15467: The OpenSSL Stack Overflow That Bypasses the Front Door. Read the full report on - https://t.co/8Pjl0n5DBh https://t.co/clZC8Dd3oC

    @cyberbivash

    28 Jan 2026

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️⚠️ CVE-2025-15467 in OpenSSL allows for unauthenticated stack overflows via crafted CMS messages. Potential for Remote Code Execution (RCE) makes this a priority patch for sysadmins. 🔗FOFA Link: https://t.co/o336k59BR3 🎯23M+ Results are found on the https://t.co/p

    @fofabot

    28 Jan 2026

    1475 Impressions

    9 Retweets

    21 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CRITICAL OPENSSL SECURITY ALERT 🚨 CVE-2025-15467 affects OpenSSL's processing of CMS/S/MIME messages. An unauthenticated remote attacker can cause DoS or execute code remotely by crafting a specific message. We estimate the CVSS score is 9.8. We developed a working Po

    @IntCyberDigest

    27 Jan 2026

    49751 Impressions

    132 Retweets

    581 Likes

    262 Bookmarks

    7 Replies

    11 Quotes

  9. OpenSSLの脆弱性(High: CVE-2025-15467, Moderate: CVE-2025-11187, Low: CVE-2025-15468等, CVE-2026-22795, 22796)と新バージョン(3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #ssl #openssl https://t.co/7ZoDJS4OGU

    @omokazuki

    27 Jan 2026

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. OpenSSLに12件の新規脆弱性が発見され、パッチが公開されました。うち1件(CVE-2025-15467)はRCE可能な高深刻度とのこと。AI駆動の脆弱性発見が成果を上げた事例ですね。早急な更新を。 https://t.co/pfxTNEI9tE #脆弱

    @dejital_secure

    27 Jan 2026

    125 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. oss-sec: OpenSSL Security Advisory Moderate: CVE-2025-11187 High: CVE-2025-15467 Low: CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 https://t.co/CaU8ZbmxPD

    @teenigma_

    27 Jan 2026

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. OpenSSL 3.6.1 Is Now Available with Important Security Patches and Bug Fixes This release addresses CVE-2025-11187, CVE-2025-15467, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, and CVE-2025-69419. https://t.co/B6IFeEISru

    @ytroncal

    27 Jan 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-15467 Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer ove… https://t.co/DNj07EXCtW

    @CVEnew

    27 Jan 2026

    156 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. RHEL7 8 9のopensslはnot affected RHEL10のみaffected 評価は 9.8 important // CVE-2025-15467 - Red Hat Customer Portal https://t.co/v5a7aiVl9c

    @w4yh

    27 Jan 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. HighはCVE-2025-15467の1件だけですが積み残しのLowがたくさんですね CVE-2025-15467は"OpenSSL 1.1.1 and 1.0.2 are not affected by this issue."ですしS/MIME処理してるサーバーは私の手持ちには無いかな... < OpenSSL // https://t.co/uPbTgMsMZ

    @w4yh

    27 Jan 2026

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.