Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-15467

CVE-2025-15467: OpenSSL Buffer Overflow Vulnerability

CVE-2025-15467 is a stack buffer overflow flaw in OpenSSL CMS parsing that can cause DoS or remote code execution. This article covers the technical details, affected versions, security impact, and mitigation.

Updated:

CVE-2025-15467 Overview

CVE-2025-15467 is a critical stack buffer overflow vulnerability in OpenSSL affecting the parsing of CMS (Cryptographic Message Syntax) AuthEnvelopedData and EnvelopedData messages. When processing messages that utilize AEAD (Authenticated Encryption with Associated Data) ciphers such as AES-GCM, the Initialization Vector (IV) encoded in ASN.1 parameters is copied into a fixed-size stack buffer without proper length validation. An attacker can craft a malicious CMS message with an oversized IV to trigger a stack-based out-of-bounds write, potentially leading to denial of service or remote code execution.

Critical Impact

This vulnerability allows unauthenticated attackers to trigger a stack buffer overflow remotely by sending crafted CMS/PKCS#7 content. No valid key material is required to exploit this flaw, making it particularly dangerous for applications processing untrusted S/MIME or CMS messages.

Affected Products

  • OpenSSL 3.6
  • OpenSSL 3.5
  • OpenSSL 3.4
  • OpenSSL 3.3
  • OpenSSL 3.0

Discovery Timeline

  • 2026-01-27 - CVE-2025-15467 published to NVD
  • 2026-02-25 - Last updated in NVD database

Technical Details for CVE-2025-15467

Vulnerability Analysis

The vulnerability exists in OpenSSL's CMS implementation when parsing AEAD cipher parameters. Specifically, the flaw occurs in the evp_lib.c file where the IV (Initialization Vector) from ASN.1-encoded AEAD parameters is extracted and copied into a stack-allocated buffer. The code originally retrieved the IV length without simultaneously copying the data, then performed a second call to copy the IV bytes. Critically, the bounds check only verified that the length was positive (i <= 0) but failed to ensure the length did not exceed EVP_MAX_IV_LENGTH.

This oversight allows an attacker to supply a CMS message containing an AEAD cipher with an IV larger than the destination buffer can accommodate. The subsequent memcpy operation writes beyond the stack buffer boundaries, corrupting adjacent stack memory.

Root Cause

The root cause is insufficient input validation in the ossl_asn1_type_get_octetstring_int function call chain within evp_lib.c. The original code performed two separate operations: first querying the IV length, then copying the IV data. The validation logic checked for non-positive lengths but did not validate the upper bound against EVP_MAX_IV_LENGTH before the copy operation.

The vulnerable pattern retrieved the length with a NULL destination buffer, checked only for i <= 0, then made a second call with the actual destination buffer using the unchecked length. This allowed maliciously crafted ASN.1 structures to specify arbitrary IV lengths that exceed the fixed-size stack buffer.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by sending a specially crafted CMS or PKCS#7 message to any application that processes untrusted cryptographic content using OpenSSL's AEAD ciphers. Common attack scenarios include:

  • Sending malicious S/MIME emails with crafted AuthEnvelopedData structures
  • Submitting malformed CMS content to web services that decrypt or verify signatures
  • Exploiting automated message processing systems that handle PKCS#7 content

The overflow occurs before any cryptographic authentication or tag verification, meaning attackers do not need valid keys or certificates to trigger the vulnerability.

c
// OpenSSL Security Patch - crypto/evp/evp_lib.c
// Before (vulnerable):
    if (type == NULL || asn1_params == NULL)
        return 0;

    i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
    if (i <= 0)
        return -1;
    ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);

    memcpy(asn1_params->iv, iv, i);
    asn1_params->iv_len = i;

// After (patched):
    if (type == NULL || asn1_params == NULL)
        return 0;

    i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
    if (i <= 0 || i > EVP_MAX_IV_LENGTH)
        return -1;

    memcpy(asn1_params->iv, iv, i);
    asn1_params->iv_len = i;

Source: GitHub OpenSSL Commit

Detection Methods for CVE-2025-15467

Indicators of Compromise

  • Unexpected application crashes in processes handling CMS or S/MIME content
  • Memory corruption errors or segmentation faults in OpenSSL-dependent services
  • Abnormal CMS/PKCS#7 messages with unusually large IV fields in AEAD cipher parameters
  • Stack-smashing detection alerts from applications compiled with stack protectors

Detection Strategies

  • Monitor for crashes in applications using OpenSSL for CMS/PKCS#7 processing, particularly in mail servers and secure messaging systems
  • Implement deep packet inspection rules to identify CMS messages with AEAD cipher parameters containing IV lengths exceeding 16 bytes
  • Deploy runtime application self-protection (RASP) to detect stack buffer overflow attempts
  • Use SentinelOne's behavioral AI to identify exploitation attempts through anomalous process behavior

Monitoring Recommendations

  • Enable crash dump collection for services handling encrypted email or CMS content
  • Monitor system logs for OpenSSL-related error messages indicating malformed ASN.1 structures
  • Deploy network-level monitoring to detect anomalous CMS message structures
  • Implement file integrity monitoring on OpenSSL library files to ensure patched versions remain deployed

How to Mitigate CVE-2025-15467

Immediate Actions Required

  • Upgrade OpenSSL to the latest patched version immediately
  • Identify all applications and services using vulnerable OpenSSL versions 3.0 through 3.6
  • Implement network-level filtering to reject malformed CMS messages at perimeter security devices
  • Temporarily disable S/MIME AuthEnvelopedData processing if patches cannot be immediately applied

Patch Information

OpenSSL has released security patches addressing this vulnerability. Organizations should upgrade to patched versions as documented in the OpenSSL Security Advisory. Multiple commits have been released for different OpenSSL branches:

Note: OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. FIPS modules in versions 3.6, 3.5, 3.4, 3.3, and 3.0 are also not affected as the CMS implementation is outside the FIPS module boundary.

Workarounds

  • Disable processing of untrusted CMS/PKCS#7 content using AEAD ciphers until patches are applied
  • Configure mail transfer agents to reject or quarantine S/MIME AuthEnvelopedData messages
  • Implement input validation at the application layer to reject CMS messages before OpenSSL processing
  • Use network security controls to filter incoming CMS content from untrusted sources
bash
# Check OpenSSL version to determine vulnerability status
openssl version -a

# Verify OpenSSL library paths and identify all instances
find /usr -name "libssl.so*" -o -name "libcrypto.so*" 2>/dev/null

# List applications linked against OpenSSL
lsof | grep -E "libssl|libcrypto" | awk '{print $1}' | sort -u

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.