Critical OpenSSL Vulnerabilities Enable Remote Code Execution and Private Key Exposure

The OpenSSL Project has recently disclosed three significant security vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys. These flaws affect multiple OpenSSL versions across various platforms, posing risks such as memory corruption, denial of service attacks, and unauthorized access to sensitive cryptographic materials.

Memory Corruption Vulnerability (CVE-2025-9230)

The most severe of these vulnerabilities, identified as CVE-2025-9230, involves out-of-bounds memory operations in the RFC 3211 Key Encryption Key (KEK) unwrap functionality. This flaw occurs when applications attempt to decrypt Cryptographic Message Syntax (CMS) messages using password-based encryption (PWRI). Specifically, the vulnerability triggers both out-of-bounds read and write operations, potentially leading to memory corruption. This corruption could be exploited by attackers to execute arbitrary code or cause system crashes.

This vulnerability affects OpenSSL versions 3.5, 3.4, 3.3, 3.2, 3.0, 1.1.1, and 1.0.2. It was discovered by security researchers from Aisle Research, led by Stanislav Fort, on August 9, 2025. Exploitation requires specific conditions, including the use of password-based encryption in CMS messages. While PWRI support is rarely used in production environments, successful exploitation could result in complete system compromise through remote code execution.

The vulnerability exists in the KEK unwrap algorithm implementation, where insufficient bounds checking allows memory operations beyond allocated buffer boundaries. Attackers can craft malicious CMS payloads that trigger integer overflow conditions, resulting in buffer overflows during decryption processes. Notably, the FIPS modules remain unaffected since the CMS implementation operates outside the OpenSSL FIPS boundary.

Timing Side-Channel Flaw (CVE-2025-9231)

The second critical flaw, CVE-2025-9231, introduces a timing side-channel vulnerability in the SM2 cryptographic algorithm implementation on 64-bit ARM platforms. This vulnerability allows remote attackers to recover private keys through timing analysis of signature computation operations. While OpenSSL doesn’t directly support SM2 certificates in Transport Layer Security (TLS) contexts, custom providers could expose this vulnerability in production environments.

Timing side-channel attacks exploit variations in cryptographic operation execution times to extract sensitive information. The SM2 algorithm implementation exhibits timing discrepancies during signature generation processes, creating measurable patterns that attackers can analyze to reconstruct private key material. This attack vector requires network access to measure timing variations across multiple cryptographic operations, making it feasible for remote exploitation scenarios.

The vulnerability affects OpenSSL versions 3.5, 3.4, 3.3, and 3.2 specifically on 64-bit ARM architectures. Earlier versions, including 3.1, 3.0, 1.1.1, and 1.0.2, remain unaffected due to different implementation details.

Out-of-Bounds Read in HTTP Client (CVE-2025-9232)

The third vulnerability, CVE-2025-9232, is an out-of-bounds read issue in the HTTP client’s handling of the `no_proxy` environment variable. This flaw could potentially allow attackers to read sensitive information from process memory, leading to information disclosure. The vulnerability affects OpenSSL versions 3.5, 3.4, 3.3, and 3.2. Earlier versions are not impacted.

Mitigation and Recommendations

To address these vulnerabilities, the OpenSSL Project has released patches in the following versions:

– OpenSSL 3.5.1
– OpenSSL 3.4.2
– OpenSSL 3.3.3
– OpenSSL 3.2.5

Administrators and users are strongly urged to upgrade to these patched versions promptly to mitigate potential risks. Additionally, it is recommended to review and update any custom implementations or providers that may be affected by these vulnerabilities.
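A local exposure check written for this advisory (an added example, not OpenSSL Project code) that applies the affected-branch and fixed-version lists stated above; it assumes the version string comes from `openssl version` and the architecture from Python's `platform.machine()`:

```python
"""Assess an installed OpenSSL against the three CVEs in this advisory."""
import platform
import re
import subprocess

# Fixed releases as listed in the advisory (branch -> first patched version).
PATCHED = {(3, 5): (3, 5, 1), (3, 4): (3, 4, 2), (3, 3): (3, 3, 3), (3, 2): (3, 2, 5)}

# Affected branches per CVE, as stated in the advisory text.
# CVE-2025-9231 additionally requires a 64-bit ARM build.
AFFECTED = {
    "CVE-2025-9230": {(3, 5), (3, 4), (3, 3), (3, 2), (3, 0), (1, 1, 1), (1, 0, 2)},
    "CVE-2025-9231": {(3, 5), (3, 4), (3, 3), (3, 2)},
    "CVE-2025-9232": {(3, 5), (3, 4), (3, 3), (3, 2)},
}
ARM64 = {"aarch64", "arm64"}  # values platform.machine() reports on 64-bit ARM

def parse_version(text):
    """Return (major, minor, patch) from `openssl version` output, or None."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def assess(version, machine):
    """Map each CVE to 'patched', 'affected', 'affected (no fix listed)' or 'not affected'."""
    # 3.x branches are identified by major.minor; 1.x branches by all three numbers.
    branch = version[:2] if version[0] >= 3 else version[:3]
    result = {}
    for cve, branches in AFFECTED.items():
        if branch not in branches or (cve == "CVE-2025-9231" and machine not in ARM64):
            result[cve] = "not affected"
        elif branch in PATCHED:
            result[cve] = "patched" if version >= PATCHED[branch] else "affected"
        else:
            # 3.0, 1.1.1 and 1.0.2 are listed as affected by CVE-2025-9230,
            # but the advisory names no fixed release for them.
            result[cve] = "affected (no fix listed)"
    return result

def check_local(openssl="openssl"):
    """Run the installed binary and assess it; returns None if it cannot be run."""
    try:
        out = subprocess.run([openssl, "version"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    version = parse_version(out)
    return assess(version, platform.machine()) if version else None

if __name__ == "__main__":
    for cve, status in (check_local() or {}).items():
        print(f"{cve}: {status}")
```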

The OpenSSL Project continues to prioritize security and encourages the community to report any potential vulnerabilities to help maintain the integrity and trustworthiness of the library.