CVE-2025-15467 — Out-of-bounds Write in Openssl

CWE-787 — Out-of-bounds Write CWE-1395 — Dependency on Vulnerable Third-Party Component CWE-120 — Classic Buffer Overflow19 documents12 sources

Severity

8.8HIGHNVD

OSV6.1

EPSS

0.7%

top 27.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Github.com Dunglas Frankenphp

Timeline

PublishedJan 27

Latest updateFeb 18

Description

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5openssl/openssl3.6.0 — 3.6.1+4

▶NVDopenssl/openssl3.0.0 — 3.0.19+4

▶Alpineopenssl/openssl< 3.0.19-r0+4

▶Debianopenssl/openssl< 3.0.18-1~deb12u2+2

▶Ubuntuopenssl/openssl< 3.0.2-0ubuntu1.21+7

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

FrankenPHP has delayed propagation of security fixes in upstream base images↗2026-02-05

▶

OSV

FrankenPHP has delayed propagation of security fixes in upstream base images↗2026-02-05

▶

OSV

CVE-2025-15467: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow↗2026-01-27

▶

OSV

openssl, openssl1.0 vulnerabilities↗2026-01-27

▶

CVEList

Stack buffer overflow in CMS (Auth)EnvelopedData parsing↗2026-01-27

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

BSD

FreeBSD-SA-26:01.openssl: Multiple vulnerabilities in OpenSSL↗2026-01-27

▶

Red Hat

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing↗2026-01-27

▶

Ubuntu

OpenSSL vulnerabilities↗2026-01-27

▶

Debian

CVE-2025-15467: openssl - Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with malic...↗2025

▶

🕵️Threat Intelligence

Schneier

AI Found Twelve New Vulnerabilities in OpenSSL↗2026-02-18

▶

Wiz

GHSA-x9p2-77v6-6vhf Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-15467 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶