CVE-2025-15467 Overview
CVE-2025-15467 is a critical stack buffer overflow vulnerability in OpenSSL affecting the parsing of CMS (Cryptographic Message Syntax) AuthEnvelopedData and EnvelopedData messages. When processing messages that utilize AEAD (Authenticated Encryption with Associated Data) ciphers such as AES-GCM, the Initialization Vector (IV) encoded in ASN.1 parameters is copied into a fixed-size stack buffer without proper length validation. An attacker can craft a malicious CMS message with an oversized IV to trigger a stack-based out-of-bounds write, potentially leading to denial of service or remote code execution.
Critical Impact
This vulnerability allows unauthenticated attackers to trigger a stack buffer overflow remotely by sending crafted CMS/PKCS#7 content. No valid key material is required to exploit this flaw, making it particularly dangerous for applications processing untrusted S/MIME or CMS messages.
Affected Products
- OpenSSL 3.6
- OpenSSL 3.5
- OpenSSL 3.4
- OpenSSL 3.3
- OpenSSL 3.0
Discovery Timeline
- 2026-01-27 - CVE-2025-15467 published to NVD
- 2026-02-25 - Last updated in NVD database
Technical Details for CVE-2025-15467
Vulnerability Analysis
The vulnerability exists in OpenSSL's CMS implementation when parsing AEAD cipher parameters. Specifically, the flaw occurs in the evp_lib.c file where the IV (Initialization Vector) from ASN.1-encoded AEAD parameters is extracted and copied into a stack-allocated buffer. The code originally retrieved the IV length without simultaneously copying the data, then performed a second call to copy the IV bytes. Critically, the bounds check only verified that the length was positive (i <= 0) but failed to ensure the length did not exceed EVP_MAX_IV_LENGTH.
This oversight allows an attacker to supply a CMS message containing an AEAD cipher with an IV larger than the destination buffer can accommodate. The subsequent memcpy operation writes beyond the stack buffer boundaries, corrupting adjacent stack memory.
Root Cause
The root cause is insufficient input validation in the ossl_asn1_type_get_octetstring_int function call chain within evp_lib.c. The original code performed two separate operations: first querying the IV length, then copying the IV data. The validation logic checked for non-positive lengths but did not validate the upper bound against EVP_MAX_IV_LENGTH before the copy operation.
The vulnerable pattern retrieved the length with a NULL destination buffer, checked only for i <= 0, then made a second call with the actual destination buffer using the unchecked length. This allowed maliciously crafted ASN.1 structures to specify arbitrary IV lengths that exceed the fixed-size stack buffer.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by sending a specially crafted CMS or PKCS#7 message to any application that processes untrusted cryptographic content using OpenSSL's AEAD ciphers. Common attack scenarios include:
- Sending malicious S/MIME emails with crafted AuthEnvelopedData structures
- Submitting malformed CMS content to web services that decrypt or verify signatures
- Exploiting automated message processing systems that handle PKCS#7 content
The overflow occurs before any cryptographic authentication or tag verification, meaning attackers do not need valid keys or certificates to trigger the vulnerability.
// OpenSSL Security Patch - crypto/evp/evp_lib.c
// Before (vulnerable):
if (type == NULL || asn1_params == NULL)
return 0;
i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
if (i <= 0)
return -1;
ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
memcpy(asn1_params->iv, iv, i);
asn1_params->iv_len = i;
// After (patched):
if (type == NULL || asn1_params == NULL)
return 0;
i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
if (i <= 0 || i > EVP_MAX_IV_LENGTH)
return -1;
memcpy(asn1_params->iv, iv, i);
asn1_params->iv_len = i;
Source: GitHub OpenSSL Commit
Detection Methods for CVE-2025-15467
Indicators of Compromise
- Unexpected application crashes in processes handling CMS or S/MIME content
- Memory corruption errors or segmentation faults in OpenSSL-dependent services
- Abnormal CMS/PKCS#7 messages with unusually large IV fields in AEAD cipher parameters
- Stack-smashing detection alerts from applications compiled with stack protectors
Detection Strategies
- Monitor for crashes in applications using OpenSSL for CMS/PKCS#7 processing, particularly in mail servers and secure messaging systems
- Implement deep packet inspection rules to identify CMS messages with AEAD cipher parameters containing IV lengths exceeding 16 bytes
- Deploy runtime application self-protection (RASP) to detect stack buffer overflow attempts
- Use SentinelOne's behavioral AI to identify exploitation attempts through anomalous process behavior
Monitoring Recommendations
- Enable crash dump collection for services handling encrypted email or CMS content
- Monitor system logs for OpenSSL-related error messages indicating malformed ASN.1 structures
- Deploy network-level monitoring to detect anomalous CMS message structures
- Implement file integrity monitoring on OpenSSL library files to ensure patched versions remain deployed
How to Mitigate CVE-2025-15467
Immediate Actions Required
- Upgrade OpenSSL to the latest patched version immediately
- Identify all applications and services using vulnerable OpenSSL versions 3.0 through 3.6
- Implement network-level filtering to reject malformed CMS messages at perimeter security devices
- Temporarily disable S/MIME AuthEnvelopedData processing if patches cannot be immediately applied
Patch Information
OpenSSL has released security patches addressing this vulnerability. Organizations should upgrade to patched versions as documented in the OpenSSL Security Advisory. Multiple commits have been released for different OpenSSL branches:
- Commit 2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
- Commit 5f26d4202f5b89664c5c3f3c62086276026ba9a9
- Commit 6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
- Commit ce39170276daec87f55c39dad1f629b56344429e
- Commit d0071a0799f20cc8101730145349ed4487c268dc
Note: OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. FIPS modules in versions 3.6, 3.5, 3.4, 3.3, and 3.0 are also not affected as the CMS implementation is outside the FIPS module boundary.
Workarounds
- Disable processing of untrusted CMS/PKCS#7 content using AEAD ciphers until patches are applied
- Configure mail transfer agents to reject or quarantine S/MIME AuthEnvelopedData messages
- Implement input validation at the application layer to reject CMS messages before OpenSSL processing
- Use network security controls to filter incoming CMS content from untrusted sources
# Check OpenSSL version to determine vulnerability status
openssl version -a
# Verify OpenSSL library paths and identify all instances
find /usr -name "libssl.so*" -o -name "libcrypto.so*" 2>/dev/null
# List applications linked against OpenSSL
lsof | grep -E "libssl|libcrypto" | awk '{print $1}' | sort -u
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
