Home

CVE-2025-15467

Description

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message withmaliciously crafted AEAD parameters can trigger a stack buffer overflow.Impact summary: A stack buffer overflow may lead to a crash, causing Denialof Service, or potentially remote code execution.When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such asAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters iscopied into a fixed-size stack buffer without verifying that its length fitsthe destination. An attacker can supply a crafted CMS message with anoversized IV, causing a stack-based out-of-bounds write before anyauthentication or tag verification occurs.Applications and services that parse untrusted CMS or PKCS#7 content usingAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.Because the overflow occurs prior to authentication, no valid key materialis required to trigger it. While exploitability to remote code executiondepends on platform and toolchain mitigations, the stack-based writeprimitive represents a severe risk.The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by thisissue, as the CMS implementation is outside the OpenSSL FIPS moduleboundary.OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.01

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.62Windows
Multiple Vulnerabilities are affected in IBM MQ 9.3.5.1Windows
Multiple Vulnerabilities are affected in OpenSSL 3.4.3Windows
Multiple Vulnerabilities are affected in OpenSSL 3.5.4Windows
Multiple Vulnerabilities are affected in OpenSSL 3.6.0Windows
Multiple Vulnerabilities are affected in OpenSSL 3.0.18Windows
Multiple Vulnerabilities are affected in OpenSSL 3.3.5Windows
Multiple vulnerabilities are fixed in OpenSSL (3.6.1)Windows
Multiple vulnerabilities are fixed in OpenSSL (x64) (3.6.1)Windows
Multiple vulnerabilities are fixed in OpenSSL Light (3.6.1)Windows
Multiple vulnerabilities are fixed in OpenSSL Light (x64) (3.6.1)Windows
Multiple vulnerabilities are fixed in OpenSSL 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL 3.0.19Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.6.1Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.0.19Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.6.1Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.0.19Windows
Multiple Vulnerabilities are affected in IBM MQ 9.1.0.33Windows
Multiple Vulnerabilities are affected in IBM MQ 9.2.0.40Windows
Multiple Vulnerabilities are affected in IBM MQ 9.3.0.36Windows
Multiple Vulnerabilities are affected in IBM MQ 9.4.0.17Windows
Multiple Vulnerabilities are affected in IBM MQ 9.4.5.0Windows
Multiple vulnerabilities are fixed in OpenSSL Light 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL Light 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL Light 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL Light 3.0.19Windows
Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.0.19Windows
Multiple vulnerabilities are fixed in OpenSSL Library 3.6.1Windows
Multiple vulnerabilities are fixed in OpenSSL Library 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL Library 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL Library 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL Library 3.0.19Windows
Multiple vulnerabilities are fixed in OpenSSL Library x86 3.6.1Windows
Multiple vulnerabilities are fixed in OpenSSL Library x86 3.5.5Windows
Multiple vulnerabilities are fixed in OpenSSL Library x86 3.4.4Windows
Multiple vulnerabilities are fixed in OpenSSL Library x86 3.3.6Windows
Multiple vulnerabilities are fixed in OpenSSL Library x86 3.0.19Windows
Multiple vulnerabilities are affected in Mysql 8.0.45Windows
Multiple vulnerabilities are affected in Mysql 8.4.8Windows
Multiple vulnerabilities are affected in Mysql 9.6.0Windows
Vulnerabilities CVE-2025-15467 are affected in MySQL Workbench Enterprise Edition 8.0.46Windows
Vulnerabilities CVE-2025-15467 are affected in MySQL Workbench CE (x64) 8.0.46Windows
Out-of-bounds Write Vulnerability (CVE-2025-15467)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355450OpenSSL (x64) (3.6.1)
PATCH-355451OpenSSL Light (3.6.1)
PATCH-355452OpenSSL Light (x64) (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355449OpenSSL (3.6.1)
PATCH-355451OpenSSL Light (3.6.1)
PATCH-355451OpenSSL Light (3.6.1)
PATCH-355451OpenSSL Light (3.6.1)
PATCH-355451OpenSSL Light (3.6.1)
PATCH-355452OpenSSL Light (x64) (3.6.1)
PATCH-355452OpenSSL Light (x64) (3.6.1)
PATCH-355452OpenSSL Light (x64) (3.6.1)
PATCH-355452OpenSSL Light (x64) (3.6.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234