CVE-2025-4575 — Improper Certificate Validation in Openssl
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 77.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products:
Timeline: Published May 22; latest update Jan 15
Description
Issue summary: Use of -addreject option with the openssl x509 application adds
a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected for
a particular use, it will instead be marked as trusted for that use.
A copy & paste error during minor refactoring of the code introduced this
issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate
should be trusted only for the purpose of authenticating TLS serv…
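A defender-side check for this issue, added here and not part of the advisory: parse the trust settings that `openssl x509 -in <cert> -noout -text` prints after the certificate body and flag a use that was meant to be rejected but shows up as trusted. The two sample outputs are constructed (one from an affected build, one from a fixed build), and the exact layout of the `Trusted Uses:` / `Rejected Uses:` block is assumed from the OpenSSL 3.x text printer.

```python
import re
from typing import Dict, Set

# Constructed sample: tail of `openssl x509 -noout -text` on a CA cert that was
# run through `-addreject serverAuth` by an AFFECTED OpenSSL 3.5 build.
# The use landed under "Trusted Uses" instead of "Rejected Uses".
AFFECTED_OUTPUT = """\
    Signature Algorithm: sha256WithRSAEncryption
Trusted Uses:
  TLS Web Server Authentication
No Rejected Uses.
Alias: Example Root CA
"""

# Constructed sample: same command on a FIXED build; the use is rejected.
FIXED_OUTPUT = """\
    Signature Algorithm: sha256WithRSAEncryption
No Trusted Uses.
Rejected Uses:
  TLS Web Server Authentication
Alias: Example Root CA
"""

def parse_trust_settings(text: str) -> Dict[str, Set[str]]:
    """Return {'trusted': {...}, 'rejected': {...}} from x509 -text output.

    Assumed layout (OpenSSL 3.x): a 'Trusted Uses:' / 'Rejected Uses:' header
    followed by one line of comma-separated long names, or the sentinel
    'No Trusted Uses.' / 'No Rejected Uses.' when that list is empty.
    """
    result: Dict[str, Set[str]] = {"trusted": set(), "rejected": set()}
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"\s*(Trusted|Rejected) Uses:", line)
        if m and i + 1 < len(lines):
            names = lines[i + 1].split(",")
            result[m.group(1).lower()] = {n.strip() for n in names if n.strip()}
    return result

def addreject_misapplied(text: str, use_name: str) -> bool:
    """True if `use_name` should have been rejected but is marked trusted.

    This is the CVE-2025-4575 symptom: -addreject recorded a trusted use.
    """
    settings = parse_trust_settings(text)
    return use_name in settings["trusted"] and use_name not in settings["rejected"]

if __name__ == "__main__":
    use = "TLS Web Server Authentication"
    for label, out in (("affected", AFFECTED_OUTPUT), ("fixed", FIXED_OUTPUT)):
        print(label, "misapplied" if addreject_misapplied(out, use) else "ok")
```

Run the same check against the real `openssl x509 -noout -text` output of a certificate you processed with `-addreject`; if the use appears under Trusted Uses, the build that wrote it is affected.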
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 3.9 | Impact: 2.5
Affected Packages: 9 packages
Patches
Vulnerability Details
References:
- GHSA-v8qh-5c5w-48pp (GHSA, 2025-05-22): Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate
- CVE-2025-4575 (OSV, 2025-05-22): Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate