CVE-2025-9230
Description
Issue summary: An application trying to decrypt CMS messages encrypted using password-based encryption can trigger an out-of-bounds read and write.
Impact summary: The out-of-bounds read may trigger a crash, which leads to Denial of Service for an application. The out-of-bounds write can cause memory corruption, which can have various consequences including Denial of Service or execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability could be severe, the probability that an attacker would be able to perform it is low. In addition, password-based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
Affected products
- (no CPE) range: BEFORE_engine, OpenSSL_0_9_1c, OpenSSL_0_9_2b, …
- (no CPE) range: < 3.5
References
- www.openwall.com/lists/oss-security/2025/09/30/5
- cert-portal.siemens.com/productcert/html/ssa-032379.html
- cert-portal.siemens.com/productcert/html/ssa-082556.html
- cert-portal.siemens.com/productcert/html/ssa-089022.html
- cert-portal.siemens.com/productcert/html/ssa-253495.html
- cert-portal.siemens.com/productcert/html/ssa-265688.html
- cert-portal.siemens.com/productcert/html/ssa-485750.html
- github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
- github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
- github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
- github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
- github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
- github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
- github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
- lists.debian.org/debian-lts-announce/2025/10/msg00001.html
- openssl-library.org/news/secadv/20250930.txt
News mentions
- Siemens SIMATIC (CISA ICS Advisories)