[CIVN-2025-0252] Multiple vulnerabilities in OpenSSL

Published On: October 9, 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple vulnerabilities in OpenSSL
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
OpenSSL version 1.0.2
OpenSSL version 1.1.1
OpenSSL version 3.0
OpenSSL version 3.2
OpenSSL version 3.3
OpenSSL version 3.4
OpenSSL version 3.5
Overview
Multiple vulnerabilities have been reported in OpenSSL, which could be exploited by a remote attacker to execute arbitrary code, cause a denial of service condition, or disclose sensitive information on the targeted system.
Target Audience:
All end-user organisations and individuals using OpenSSL.
Risk Assessment:
Potential for data loss, compromise of sensitive information and service unavailability.
Impact Assessment:
Medium risk of system compromise and service disruption.
Description
OpenSSL is free and open-source software for general-purpose cryptography and secure communication. It provides a robust, full-featured toolkit for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
Multiple vulnerabilities exist in OpenSSL due to an out-of-bounds read and write in RFC 3211 KEK Unwrap; a timing side-channel in the SM2 algorithm on 64-bit ARM; and an out-of-bounds read in the HTTP client no_proxy handling. A remote attacker could exploit these vulnerabilities by sending specially crafted inputs.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, cause a denial of service condition, or disclose sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://openssl-library.org/news/secadv/20250930.txt
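A practical first step before applying the update is to tell which release branch a host runs and whether it is on the affected list above. The script below is an added example for this advisory, not CERT-In or OpenSSL code: it parses `openssl version` output, handles OpenSSL's two numbering schemes (letter patch suffixes on 1.x, numeric patch on 3.x), and compares against a per-branch fixed-release table. Because the patched release numbers are not given on this page, PATCHED_RELEASES holds constructed placeholders that must be replaced with the values from the vendor advisory linked above.

```python
"""Check an OpenSSL version string against the branches this advisory lists.

Added example, not CERT-In or OpenSSL code. AFFECTED_BRANCHES comes from the
'Software Affected' list above; the patched releases are not on this page, so
PATCHED_RELEASES holds constructed placeholders (assumption) to be replaced with
the values from the vendor advisory linked under 'Solution'.
"""
import re

AFFECTED_BRANCHES = {"1.0.2", "1.1.1", "3.0", "3.2", "3.3", "3.4", "3.5"}

# Constructed placeholders, deliberately unrealistic; NOT the real fixed releases.
PATCHED_RELEASES = {
    "1.0.2": "1.0.2zz", "1.1.1": "1.1.1zz",
    "3.0": "3.0.999", "3.2": "3.2.999", "3.3": "3.3.999",
    "3.4": "3.4.999", "3.5": "3.5.999",
}

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def version_key(text):
    """Parse `openssl version` output into (sortable key, release branch).

    1.x releases carry a letter patch suffix ('1.1.1w') ordered
    '' < 'a' < ... < 'z' < 'za' < 'zb', i.e. by length, then alphabetically.
    3.x releases are plain MAJOR.MINOR.PATCH and their branch is MAJOR.MINOR.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version in: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    letters = m.group(4)
    key = (major, minor, patch, len(letters), letters)
    branch = f"{major}.{minor}.{patch}" if major < 3 else f"{major}.{minor}"
    return key, branch


def assess(version_text, patched=PATCHED_RELEASES):
    """Return (branch, status): 'unaffected', 'vulnerable' or 'patched'."""
    key, branch = version_key(version_text)
    if branch not in AFFECTED_BRANCHES:
        return branch, "unaffected"
    fixed_key, _ = version_key("OpenSSL " + patched[branch])
    return branch, ("patched" if key >= fixed_key else "vulnerable")


if __name__ == "__main__":
    # Constructed sample outputs; the second exercises the 1.x letter-suffix scheme.
    for s in ("OpenSSL 3.5.1 1 Jul 2025", "OpenSSL 1.1.1w  11 Sep 2023", "OpenSSL 3.1.7 3 Sep 2024"):
        print(s, "->", assess(s))
```

Feed it the output of `openssl version` from the host; note that applications statically linked or bundled with their own libcrypto must be checked separately, since the binary on PATH says nothing about them.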
Vendor Information
OpenSSL
https://openssl-library.org/news/secadv/20250930.txt
References
OpenSSL
https://openssl-library.org/news/secadv/20250930.txt
CVE Name
CVE-2025-9230
CVE-2025-9231
CVE-2025-9232
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
