CVE-2025-15467
Published 2026-01-27
Priority: P2 · 74 · high · CVSS 3.1 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 47.62% (98.7th percentile)
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with
maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.
Because the overflow occurs prior to authentication, no valid key material
is required to trigger it. While exploitability to remote code execution
depends on platform and toolchain mitigations, the stack-based write
primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.
OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 3.0.18-1~deb12u2 (bookworm) | openssl 3.0.18-1~deb12u2 (bookworm) |
| github.com | dunglas_frankenphp | >= 0 < 1.1.11 | 1.1.11 |
| openssl | openssl | >= 0 < 3.0.19-r0 | 3.0.19-r0 |
| openssl | openssl | >= 0 < 3.3.6-r0 | 3.3.6-r0 |
| openssl | openssl | >= 0 < 3.3.6-r0 | 3.3.6-r0 |
| openssl | openssl | >= 0 < 3.5.5-r0 | 3.5.5-r0 |
| openssl | openssl | >= 0 < 3.5.5-r0 | 3.5.5-r0 |
| openssl | openssl | >= 0 < 3.0.18-1~deb12u2 | 3.0.18-1~deb12u2 |
| openssl | openssl | >= 0 < 3.5.4-1~deb13u2 | 3.5.4-1~deb13u2 |
| openssl | openssl | >= 0 < 3.5.5-1 | 3.5.5-1 |
| openssl | openssl | >= 0 < 3.0.2-0ubuntu1.21 | 3.0.2-0ubuntu1.21 |
| openssl | openssl | >= 0 < 3.0.13-0ubuntu3.7 | 3.0.13-0ubuntu3.7 |
| openssl | openssl | >= 0 < 3.5.3-1ubuntu3 | 3.5.3-1ubuntu3 |
| openssl | openssl | >= 0 < 1.0.1f-1ubuntu2.27+esm12 | 1.0.1f-1ubuntu2.27+esm12 |
| openssl | openssl | >= 0 < 1.0.2g-1ubuntu4.20+esm14 | 1.0.2g-1ubuntu4.20+esm14 |
| openssl | openssl | >= 0 < 1.1.1-1ubuntu2.1~18.04.23+esm7 | 1.1.1-1ubuntu2.1~18.04.23+esm7 |
| openssl | openssl | >= 0 < 1.1.1f-1ubuntu2.24+esm2 | 1.1.1f-1ubuntu2.24+esm2 |
| openssl | openssl | >= 0 < 3.0.2-0ubuntu1.21+Fips1 | 3.0.2-0ubuntu1.21+Fips1 |
| openssl | openssl | >= 3.0.0 < 3.0.19 | 3.0.19 |
| openssl | openssl | >= 3.1.0 < 3.3.6 | 3.3.6 |
| openssl | openssl | >= 3.3.0 < 3.3.6 | 3.3.6 |
| openssl | openssl | >= 3.4.0 < 3.4.4 | 3.4.4 |
| openssl | openssl | >= 3.5.0 < 3.5.5 | 3.5.5 |
| openssl | openssl | >= 3.6.0 < 3.6.1 | 3.6.1 |
Detection & IOCs (extracted from sources)
- Detect CMS (Auth)EnvelopedData messages with oversized IV in ASN.1 parameters — the IV field should be 12 bytes for AES-GCM; any CMS message presenting a significantly larger IV value in the AEAD parameters block is a strong indicator of an exploitation attempt.
- Flag or block untrusted CMS/PKCS#7 messages using AEAD ciphers (e.g., AES-GCM) arriving via S/MIME (Auth)EnvelopedData channels, especially those where the IV length in the ASN.1 parameters exceeds the expected fixed size.
- No valid key material is needed to trigger the overflow — treat any CMS AuthEnvelopedData/EnvelopedData parse crash or stack-smashing signal (e.g., `__stack_chk_fail`) in OpenSSL 3.0–3.6 processes as a potential exploitation indicator.
- Monitor for exploitation of Kerberos PKINIT plugin paths, as this is a specific OpenSSL consumer identified as vulnerable to CVE-2025-15467 on Red Hat platforms.
- Public exploits for CVE-2025-15467 have been reported as quickly developed online — prioritize detection of exploit tooling targeting OpenSSL CMS parsing in network and endpoint telemetry.
- OpenSSL FIPS modules in versions 3.6, 3.5, 3.4, 3.3, and 3.0 are NOT affected because the CMS implementation is outside the FIPS module boundary — do not apply CMS-related detections to FIPS-only deployments.
- OpenSSL 1.1.1 and 1.0.2 are NOT affected — detections and patching efforts should focus exclusively on OpenSSL 3.0 through 3.6.
- On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which reduce RCE risk to DoS — adjust severity scoring accordingly for RHEL-based environments.
- FrankenPHP Docker images based on Alpine/PHP/Go may carry vulnerable libcrypto3 if not rebuilt after upstream base image patches — pull latest tags to ensure updated base layers.
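CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| ghsa | | 8.8 | HIGH | |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 6.1 | MEDIUM | |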
GHSA
FrankenPHP has delayed propagation of security fixes in upstream base images
ghsa·2026-02-05·CVSS 8.8
[HIGH] CWE-1395
# Delayed propagation of security fixes in upstream base images
## Summary
**Vulnerability in base Docker images (PHP, Go, and Alpine) not automatically propagating to FrankenPHP images.**
FrankenPHP's container images were previously built only when specific version tags were updated or when manual triggers were initiated. This meant that if an upstream base image (such as Alpine Linux or official PHP/Go images) received a security patch under an existing tag, the FrankenPHP image would remain on the older, vulnerable version of those base layers.
## Impact
Users pulling FrankenPHP images may have been running environments with known vulnerabilities in underlying system libraries (e.g., `libcrypto3`) even i
OSV
openssl, openssl1.0 vulnerabilities
osv·2026-01-27·CVSS 6.1
CVE-2025-68160 [MEDIUM]
USN-7980-2 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for CVE-2025-68160 for openssl and openssl1.0,
CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69420 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69421 for openssl and openssl1.0, CVE-2026-22795 for openssl on
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, and CVE-2026-22796 for openssl and
openssl1.0.
Original advisory details:
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL
incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC
verification. An attacker could possibly use this issue to cause OpenSSL
to crash, resulting in a deni
OSV
openssl vulnerabilities
osv·2026-01-27·CVSS 6.1
CVE-2025-11187 [MEDIUM]
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL
incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC
verification. An attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. This issue only affected Ubuntu
25.10. (CVE-2025-11187)
Stanislav Fort discovered that OpenSSL incorrectly parsed CMS
AuthEnvelopedData messages. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)
Stanislav Fort discovered that OpenSSL incorrectly handled memory in the
SSL_CIPHER_find() function. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 25.10. (CVE-2025-15468)
St
GHSA
GHSA-wvhq-3h88-rf6g: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow
ghsa_unreviewed·2026-01-27
CVE-2025-15467 [CRITICAL] CWE-787
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously
crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2026-01-27·CVSS 6.1
CVE-2025-69419 [MEDIUM]
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
USN-7980-1 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for CVE-2025-68160 for openssl and openssl1.0,
CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69420 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69421 for openssl and openssl1.0, CVE-2026-22795 for openssl on
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, and CVE-2026-22796 for openssl and
openssl1.0.
Original advisory details:
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL
incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC
verification. An attacker could possibly use this
BSD
FreeBSD-SA-26:01.openssl: Multiple vulnerabilities in OpenSSL
bsd_advisories·2026-01-27·CVSS 6.1
CVE-2025-11187 [MEDIUM]
FreeBSD-SA-26:01.openssl Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSL
Category: contrib
Module: openssl
Announced: 2026-01-27
Credits: Aisle Research
Affects: All supported versions of FreeBSD.
Corrected: 2026-01-27 19:14:58 UTC (stable/15, 15.0-STABLE)
2026-01-27 19:15:49 UTC (releng/15.0, 15.0-RELEASE-p2)
2026-01-27 19:15:10 UTC (stable/14, 14.3-STABLE)
2026-01-27 19:16:22 UTC (releng/14.3, 14.3-RELEASE-p8)
2026-01-27 19:15:19 UTC (stable/13, 13.4-STABLE)
2026-01-27 19:16:45 UTC (releng/13.5, 13.5-RELEASE-p9)
CVE Name: CVE-2025-11187, CVE-2025-15467, CVE-2025-15468,
CVE-2025-15469, CVE-2025-66199, CVE-2025-68160,
CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,
CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
For general information regarding FreeBSD S
Red Hat
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
vendor_redhat·2026-01-27·CVSS 8.8
CVE-2025-15467 [HIGH] CWE-120
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2026-01-27·CVSS 6.1
CVE-2025-66199 [MEDIUM]
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Debian
CVE-2025-15467: openssl - Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with malic...
vendor_debian·2025·CVSS 8.8
CVE-2025-15467 [HIGH]
Fortinet
OpenSSL CVE-2025-15467
vendor_fortinet·CVSS 8.8
CVE-2025-15467 [HIGH]
FG-IR-26-076: OpenSSL CVE-2025-15467
CVSSv3 Score: 9.8
CVE-2025-15467: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.
No detection rules found.
No public exploits indexed.
Qualys
Oracle Critical Patch Update, April 2026 Security Update Review
blogs_qualys·2026-04-22
CVE-2025-6965
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 139, constituting about 28% of the total patches released. Oracle Financial Services Applications and Oracle Fusion Middleware followed, with 75 and 59 security patches.
376 of the 481 security patches provided by the April Critical Patch Update (about 78%)
Schneier
AI Found Twelve New Vulnerabilities in OpenSSL
blogs_schneier·2026-02-18·CVSS 8.8
[HIGH]
The title of the post is "What AI Security Research Looks Like When It Works," and I agree:
> In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any sin
Wiz
GHSA-x9p2-77v6-6vhf Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
[HIGH]
## GHSA-x9p2-77v6-6vhf: vulnerability analysis and mitigation
## Delayed propagation of security fixes in upstream base images
## Summary
Vulnerability in base Docker images (PHP, Go, and Alpine) not automatically propagating to FrankenPHP images. FrankenPHP's container images were previously built only when specific version tags were updated or when manual triggers were initiated. This meant that if an upstream base image (such as Alpine Linux or official PHP/Go images) received a security patch under an existing tag, the FrankenPHP image would remain on the older, vulnerable version of those base layers.
## Impact
libcrypto3
libcrypto3
## Details
The issue was a lack of automated "staleness" detection in the CI/CD pipeline.
Unless explicitly told, our build server was bui
Wiz
CVE-2025-15467 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2025-15467 [HIGH]
## CVE-2025-15467: OpenSSL vulnerability analysis and mitigation
Bugzilla
[Minor Incident] CVE-2025-15467 mingw-openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing [fedora-42]
bugzilla·2026-01-27·CVSS 8.8
CVE-2025-15467 [HIGH]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain op
Bugzilla
[Minor Incident] CVE-2025-15467 sslscan: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing [fedora-42]
bugzilla·2026-01-27·CVSS 8.8
CVE-2025-15467 [HIGH]
Bugzilla
CVE-2025-15467 openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
bugzilla·2026-01-16·CVSS 8.8
CVE-2025-15467 [HIGH]
A stack buffer overflow may lead to a crash, causing Denial
of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as
AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is
copied into a fixed-size stack buffer without verifying that its length fits
the destination. An attacker can supply a crafted CMS message with an
oversized IV, causing a stack-based out-of-bounds write before any
authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using
AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.
Be