
OpenSSL Warns of Critical Vulnerabilities Affecting Multiple Versions

OpenSSL urges prompt patching for three vulnerabilities fixed in its latest releases. Organizations that enable SM2 signing through a custom provider are the most exposed.



The OpenSSL Project has issued a security advisory covering three vulnerabilities across its supported release branches. OpenSSL itself rates two of them Moderate and one Low, but together they cover memory corruption in CMS decryption, a private-key-recovering timing side channel in SM2, and a crash in the HTTP client. Organizations running custom cryptographic providers with SM2 support are urged to prioritize patching.

The most serious issue, CVE-2025-9230, is an out-of-bounds read and write in the RFC 3211 key-encryption-key (KEK) unwrap code used for password-based recipients when decrypting CMS messages. It affects every supported branch from 3.5 back to 1.0.2. A crafted CMS message can crash the decrypting process; OpenSSL notes that code execution is theoretically possible but considered unlikely, and that password-based CMS encryption is rarely used, which is why the issue is rated Moderate. Applications that never decrypt CMS input are not exposed, and TLS does not exercise this code.

The second issue, CVE-2025-9231, is a timing side channel in the SM2 signature implementation on 64-bit ARM platforms. An attacker who can measure the time taken by SM2 signing operations may be able to recover the private key remotely. OpenSSL does not use SM2 for TLS by default, so in practice only deployments that route SM2 signing through a custom provider are affected; those are the installations the advisory singles out. OpenSSL rates this Moderate.

Lastly, CVE-2025-9232 is an out-of-bounds read in the HTTP client's no_proxy handling when the target URL contains an IPv6 address. The HTTP client was introduced in OpenSSL 3.0, so only the 3.x branches are affected, and the impact is limited to a crash (denial of service) of the client process, hence the Low rating. Applications that use the OpenSSL HTTP client, for example for OCSP or CMP requests, with a no_proxy setting should still pick up the fix.

The OpenSSL Project urges users to upgrade to the fixed releases: OpenSSL 3.5.4, 3.4.3, 3.3.5, 3.2.6 and 3.0.18. The 1.1.1 and 1.0.2 branches are affected by CVE-2025-9230 as well, but they are out of public support and fixes for them are available only to premium support customers. Affected versions overall are OpenSSL 3.5, 3.4, 3.3, 3.2, 3.0, 1.1.1 and 1.0.2. When checking a host, verify the library an application actually loads, not just the version reported by the openssl command-line tool, since the two can differ. Organizations using custom providers with SM2 support should patch first.
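A quick local check, added here as an example and not part of the OpenSSL advisory: a POSIX shell function that parses the output of `openssl version` and classifies it against the fixed releases named above (3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18). The version strings in the test are constructed samples, and the function names and status labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the OpenSSL advisory): classify an OpenSSL version
# string against the releases that fix CVE-2025-9230, -9231 and -9232.
# Assumed fixed versions: 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18.
# 1.1.1 and 1.0.2 fixes exist only for premium support customers, so those
# branches are reported as "premium-only" rather than compared numerically.

# Extract the bare version (e.g. "3.0.13" or "1.1.1w") from a line such as
# "OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)".
openssl_version_of() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Minimum fixed version for a supported 3.x branch; empty for other branches.
openssl_fixed_version() {
    case "$1" in
        3.5.*) echo 3.5.4 ;;
        3.4.*) echo 3.4.3 ;;
        3.3.*) echo 3.3.5 ;;
        3.2.*) echo 3.2.6 ;;
        3.0.*) echo 3.0.18 ;;
        *) echo "" ;;
    esac
}

# Print one of: fixed, vulnerable, premium-only, unsupported, unknown.
openssl_status() {
    ver=$(openssl_version_of "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }          # not an OpenSSL banner
    case "$ver" in
        1.1.1*|1.0.2*) echo premium-only; return 0 ;;     # affected, fix is premium-only
    esac
    fix=$(openssl_fixed_version "$ver")
    [ -n "$fix" ] || { echo unsupported; return 0; }      # e.g. 3.1.x, no fix published
    # Within one branch only the patch level differs, so compare it numerically.
    have=${ver##*.}
    need=${fix##*.}
    if [ "$have" -ge "$need" ]; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Usage on a live host:
#   . ./openssl_check.sh && openssl_status "$(openssl version)"
```

The check covers the command-line tool only; for a long-running service, confirm which libssl/libcrypto it has loaded (for example with `ldd` on the binary, or by inspecting the process's mapped libraries) and feed that library's version to the same function.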
