The maintainers of OpenSSL, the cryptographic library that underpins a vast portion of the secure web, have released a sweeping security update to address a dozen vulnerabilities ranging from memory corruption to logic errors. The headline flaw in this batch is a High-severity stack buffer overflow (CVE-2025-15467) that could potentially allow remote attackers to execute code on vulnerable systems.
The advisory, released to the public, details a mix of issues affecting various components, including PKCS#12 handling, CMS parsing, and TLS 1.3 certificate compression.
The most alarming discovery is CVE-2025-15467, a vulnerability rooted in how OpenSSL processes Cryptographic Message Syntax (CMS) structures. Specifically, the flaw exists in the handling of AuthEnvelopedData messages that use AEAD ciphers like AES-GCM.
The issue arises when the system attempts to copy the Initialization Vector (IV) into a fixed-size buffer. According to the advisory, “Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow”.
Because the library fails to verify that the IV length fits the destination buffer, an attacker can force a write beyond the bounds of that stack buffer. The consequences are severe: “A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution”.
Crucially, this can happen before the system even checks authentication credentials. “Because the overflow occurs prior to authentication, no valid key material is required to trigger it”.
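The defect described above is a missing length check before an attacker-controlled IV is copied into a fixed-size stack buffer. The following standalone C sketch (added here as an illustration; it is not OpenSSL's code, and the `MAX_IV_LEN`, `aead_params` and `copy_aead_iv` names are assumptions) shows the bounds check that must precede the copy, rejecting any IV that would not fit:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed constant for illustration: OpenSSL's EVP_MAX_IV_LENGTH is 16,
 * but this sketch is self-contained and does not use OpenSSL headers. */
#define MAX_IV_LEN 16

/* Hypothetical representation of the AEAD parameters carried by a CMS
 * AuthEnvelopedData content-encryption algorithm identifier. */
struct aead_params {
    const uint8_t *iv;
    size_t iv_len;      /* taken from the untrusted message */
};

/* Copy the encoded IV into a fixed-size caller buffer.
 * Returns 1 on success, 0 if the IV would overflow the destination.
 * The length check is exactly the step the advisory says was missing:
 * it runs before any byte is written and before any key material is needed. */
int copy_aead_iv(const struct aead_params *p, uint8_t dst[MAX_IV_LEN],
                 size_t *out_len)
{
    if (p == NULL || p->iv == NULL || out_len == NULL)
        return 0;
    if (p->iv_len == 0 || p->iv_len > MAX_IV_LEN)
        return 0;       /* reject instead of writing past dst */
    memcpy(dst, p->iv, p->iv_len);
    *out_len = p->iv_len;
    return 1;
}

/* Exercise the check with a constructed IV of the given length
 * (constructed input, not a real CMS message). */
int accepts_iv_of_length(size_t len)
{
    uint8_t fake_iv[64];
    uint8_t iv_buf[MAX_IV_LEN];
    size_t got = 0;
    struct aead_params p = { fake_iv, len };

    if (len > sizeof fake_iv)
        return 0;
    memset(fake_iv, 0xAB, sizeof fake_iv);
    return copy_aead_iv(&p, iv_buf, &got) && got == len;
}
```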
A second significant flaw, tracked as CVE-2025-11187, affects the verification of PKCS#12 files, a common format for storing private keys and certificates. Rated as Moderate severity, this vulnerability involves improper validation of PBMAC1 parameters.
The advisory explains that “PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification”.
If the key length defined in the file exceeds the internal buffer size of 64 bytes, the derivation process overflows. While dangerous, the severity is tempered by the fact that applications typically trust the source of these files. “It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition”.
Beyond the headline issues, the update addresses ten “Low” severity vulnerabilities that could lead to crashes or minor data integrity issues. Notable among them:
- CVE-2025-15469: The openssl dgst command-line tool was found to “silently truncate input data to 16MB when using one-shot signing algorithms,” potentially leaving trailing data unauthenticated.
- CVE-2025-66199: A TLS 1.3 memory exhaustion issue where “An attacker can cause per-connection memory allocations of up to approximately 22 MiB,” leading to potential denial of service.
- CVE-2025-15468: A NULL pointer dereference in the SSL_CIPHER_find() function for QUIC protocol users.
The vulnerabilities affect multiple branches of OpenSSL, including the latest 3.x series. The maintainers have released the following updates to mitigate these risks:
- OpenSSL 3.6 users should upgrade to 3.6.1.
- OpenSSL 3.5 users should upgrade to 3.5.5.
- OpenSSL 3.4 users should upgrade to 3.4.4.
- OpenSSL 3.3 users should upgrade to 3.3.6.
- OpenSSL 3.0 users should upgrade to 3.0.19.
Users of the older, premium-support-only versions (1.1.1 and 1.0.2) also have patches available for specific vulnerabilities.