CVE-2025-9231 — Covert Timing Channel in OpenSSL
Severity
6.5 MEDIUM (NVD)
7.5 (OSV)
EPSS
0.0%
top 94.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 30
Description
Issue summary: A timing side-channel which could potentially allow remote
recovery of the private key exists in the SM2 algorithm implementation on 64 bit
ARM platforms.
Impact summary: A timing side-channel in SM2 signature computations on 64 bit
ARM platforms could allow recovering the private key by an attacker.
While remote key recovery over a network was not attempted by the reporter,
timing measurements revealed a timing signal which may allow such an attack.
OpenSSL does not directly …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Exploitability: 3.9 | Impact: 2.5
Affected Packages
12 packages
🔴 Vulnerability Details (4)
GHSA, 2025-09-30
GHSA-9mrx-mqmg-gwj9: Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64...
OSV, 2025-09-30
CVE-2025-9231: Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64...
OSV, 2025-09-30
CVE-2025-9231: Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64...
📋 Vendor Advisories (6)
Debian, 2025
CVE-2025-9231: openssl - Issue summary: A timing side-channel which could potentially allow remote recove...