- Description
- Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
- Source
- openssl-security@openssl.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- openssl-security@openssl.org
- CWE-125
- Hype score
- Not currently trending
kusanagi-openssl モジュール更新情報 3.5.4-1 KUSANAGI 9 を構成している各モジュールのアップデートを行いました。 アップデートにより適用される各モジュールのバージョンは、以下のとおりとなります。 openssl 3.5.
@kusanagi_saya
12 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent security advisory for the #openSUSE community. A significant vulnerability, CVE-2025-9230, impacts the legacy OpenSSL 1.0.0 library, posing a memory corruption risk. Read more: 👉 https://t.co/BgU3SroXcw #Security https://t.co/ANTGUBVLD2
@Cezar_H_Linux
18 Nov 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert! 🚨 CVE-2025-9230 affects OpenSSL (3.5 to 1.0.2) due to flawed CMS decryption, risking remote code execution! 🔓🛡️ Patch your systems now! https://t.co/4TNEaDhaem #CVE #OpenSSL #CyberSecurity https://t.co/opEG2xcBO3
@ReliableEmbSys
8 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9230 (CVSS:7.5, HIGH) is Awaiting Analysis. Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an ou..https://t.co/zhsyK8yy2V #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
5 Oct 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The OpenSSL Project has released updates (3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, 1.0.2zm) addressing 3 CVEs: CVE-2025-9230: Out-of-bounds R/W → possible RCE or DoS CVE-2025-9231: SM2 timing side-channel on ARM → key recovery risk CVE-2025-9232: Out-of-bounds read → Do
@cyber_sec_raj
5 Oct 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSLが3件の脆弱性を同時公開(CVE-2025-9230 / -9231 / -9232) https://t.co/3LWiggviZK #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
3 Oct 2025
79 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSL ha corregido tres vulnerabilidades críticas (CVE-2025-9230/31/32) que permitían desde ataques DoS hasta la posible extracción de claves privadas. Estos fallos afectaban a versiones recientes y podían comprometer la seguridad de servidores y aplicaciones #OpenSSL https
@henryraul
3 Oct 2025
209 Impressions
6 Retweets
8 Likes
1 Bookmark
1 Reply
0 Quotes
OpenSSL Security Advisory [30th September 2025] https://t.co/YJbVmIwaZn CVE-2025-9230: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9231: Timing side-channel in SM2 algorithm on 64 bit ARM CVE-2025-9232: Out-of-bounds read in HTTP client no_proxy handling
@oss_security
1 Oct 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Ubuntu patches critical OpenSSL flaws (USN-7786-1) CVE-2025-9230/31/32 | Memory corruption + ARM timing attack Affects: Ubuntu 16.04 ESM → 25.04 Services require restart post-patch. Update NOW. #Ubuntu #OpenSSL #Patching https://t.co/xoHVKoH2Ta
@the_c_protocol
1 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en OpenSSL ❗CVE-2025-9230 ➡️Más info: https://t.co/WLenbdJzi8 https://t.co/z24mYwycf3
@CERTpy
1 Oct 2025
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OpenSSLの脆弱性(Moderate: CVE-2025-9230, CVE-2025-9231, Low: CVE-2025-9232)と3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, 1.1.1zdリリース - SIOS SECURITY BLOG https://t.co/Zd4daw56H2
@pHo9UBenaA
1 Oct 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-9230 Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: Thi… https://t.co/uRil22pLQw
@CVEnew
30 Sept 2025
329 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes