CVE-2025-3416

Published Apr 8, 2025

Last updated 9 days ago

CVSS low 3.7

AWS

Overview

Description: A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Source: secalert@redhat.com
NVD status: Deferred

Risk scores

CVSS 3.1

Type: Secondary
Base score: 3.7
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: LOW

Weaknesses

secalert@redhat.com: CWE-416

Hype score: Not currently trending

🚨 URGENT: #SUSE Linux 15 SP7 snpguest update (2026-0620-1) is out! Patches critical CVE-2026-25727 (stack exhaustion) & CVE-2025-3416 (Use-After-Free). Update to v0.10.0 NOW to secure your SEV-SNP workloads. Read more:👉 https://t.co/Up9u8Icbty #Security https://t.co/qg
@Cezar_H_Linux
25 Feb 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Patch Alert for #openSUSE Leap 15.6 🚨 Moderate threat update 2025:03307-1 is live for sevctl. Addresses: CVE-2024-12224 (idna validation flaw). CVE-2025-3416 (OpenSSL use-after-free). Read more: 👉 https://t.co/KmPeaQuXbD #Security https://t.co/EXSHOx5acX
@Cezar_H_Linux
23 Sept 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-3416 Alert: Patch #python-cryptography NOW if you use: ✅ #SUSE Linux Enterprise 15 SP6 ✅ openSUSE Leap 15.6 ✅ Python 3 Module 15-SP6 CVSS 6.3/3.7 – OpenSSL use-after-free fix. Details: Read more: 👉 https://t.co/4BJQ0f635X #DevSecOps #SUSE ht
@Cezar_H_Linux
23 May 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔐 Critical Security Alert: Python-Maturin update patches CVE-2025-3416 (OpenSSL flaw) & CVE-2025-4574 (memory corruption). 🔗 Patch guide:Read more: 👉https://t.co/4tZUtayGL4 #InfoSec #DevOps #SUSE https://t.co/BZRagfKFkk
@Cezar_H_Linux
20 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Patch NOW! 🚨 #openSUSE Leap 15.4 has a critical rustup flaw (CVE-2025-3416) – a use-after-free bug in OpenSSL. Fix: bash zypper in -t patch SUSE-2025-1560=1 Read more: 👉 https://t.co/MvoOjepD7Q #Linux #CyberSecurity #RustLang https://t.co/
@Cezar_H_Linux
18 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 Patch Alert: CVE-2025-3416 in cargo-c (rust-openssl) affects #openSUSE Leap 15.6. Low severity, but update now! ▶ zypper in -t patch SUSE-2025-1570=1 Read more: 👉 https://t.co/CYMSgPJxco #LinuxSecurity #RustLang https://t.co/lUBKkFK2BK
@Cezar_H_Linux
17 May 2025
39 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-3416 A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in un… https://t.co/9eJ6b3aSBC
@CVEnew
8 Apr 2025
272 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

CVE-2024-31884
Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.•CVE-2026-5707
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.•CVE-2026-5708
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment.•CVE-2026-5709
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0.•CVE-2026-35562

References

Sources include official advisories and independent security research.

https://nvd.nist.gov/vuln/detail/CVE-2025-3416
https://access.redhat.com/security/cve/CVE-2025-3416
https://bugzilla.redhat.com/show_bug.cgi?id=2357560
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
https://github.com/sfackler/rust-openssl/pull/2390
https://rustsec.org/advisories/RUSTSEC-2025-0022.html

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Related CVEs

References