CVE-2025-15468 Overview
CVE-2025-15468 is a NULL Pointer Dereference vulnerability affecting the OpenSSL cryptographic library's QUIC protocol implementation. When an application uses the SSL_CIPHER_find() function in a QUIC protocol client or server and receives an unknown cipher suite from the peer, a NULL dereference occurs. This vulnerability leads to abnormal termination of the running process, causing a Denial of Service condition.
Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will occur if the examined cipher ID is unknown or unsupported. The vulnerable code was introduced in OpenSSL version 3.2 with the addition of QUIC protocol support.
Critical Impact
Applications using OpenSSL's QUIC implementation with SSL_CIPHER_find() in the client_hello_cb callback are vulnerable to remote Denial of Service attacks when processing unknown cipher suites from malicious peers.
Affected Products
- OpenSSL 3.6
- OpenSSL 3.5
- OpenSSL 3.4
- OpenSSL 3.3
Discovery Timeline
- 2026-01-27 - CVE CVE-2025-15468 published to NVD
- 2026-01-29 - Last updated in NVD database
Technical Details for CVE-2025-15468
Vulnerability Analysis
This vulnerability is classified as CWE-476 (NULL Pointer Dereference), a memory safety issue where the application attempts to use a pointer that has a NULL value, leading to a crash. The flaw exists specifically within the QUIC protocol handling code path in OpenSSL.
The vulnerability is triggered when an application implements a client_hello_cb callback that calls SSL_CIPHER_find() to examine cipher IDs received from a peer. In the context of QUIC connections, if the cipher ID provided by the peer is unknown or unsupported, the function returns NULL without proper handling, leading to a dereference of this NULL pointer.
The attack requires network access and does not require authentication or user interaction. However, the attack complexity is high because specific conditions must be met: the target application must be using the QUIC protocol implementation and must be calling SSL_CIPHER_find() within the client_hello_cb callback—a pattern that is not common in typical QUIC applications.
Notably, the FIPS modules in versions 3.6, 3.5, 3.4, and 3.3 are not affected by this issue, as the QUIC implementation resides outside the OpenSSL FIPS module boundary. Additionally, OpenSSL versions 3.0, 1.1.1, and 1.0.2 are not vulnerable as they do not include QUIC support.
Root Cause
The root cause is insufficient validation of the return value from SSL_CIPHER_find() when operating within the QUIC protocol context. When an unknown or unsupported cipher ID is encountered, the function returns NULL, but subsequent code attempts to dereference this pointer without checking for NULL, causing the application to crash.
This represents a missing input validation check that was introduced when QUIC protocol support was added in OpenSSL 3.2. The validation logic that exists for traditional TLS contexts was not properly replicated or adapted for the QUIC code path.
Attack Vector
The attack is network-based and can be executed remotely. An attacker can exploit this vulnerability by establishing a QUIC connection to a vulnerable server (or acting as a malicious server for client exploitation) and sending a ClientHello message containing an unknown or unsupported cipher suite ID.
The exploitation mechanism involves:
- The attacker initiates a QUIC handshake with the target application
- The attacker crafts a ClientHello message with a malicious or unknown cipher suite identifier
- The target application's client_hello_cb callback processes the incoming connection
- The callback calls SSL_CIPHER_find() with the attacker-controlled cipher ID
- SSL_CIPHER_find() returns NULL for the unknown cipher
- The application dereferences the NULL pointer, causing a crash
This results in Denial of Service through process termination. No confidentiality or integrity impact is expected, and code execution is not possible through this vulnerability.
Detection Methods for CVE-2025-15468
Indicators of Compromise
- Unexpected application crashes or service restarts in QUIC-enabled services using OpenSSL
- Core dumps showing NULL pointer dereference in OpenSSL QUIC-related functions
- Anomalous QUIC handshake patterns with unusual or malformed cipher suite values in connection logs
- Increased connection failures from specific source addresses during QUIC handshakes
Detection Strategies
- Monitor application logs and system journals for segmentation faults or abnormal termination events in services using OpenSSL QUIC
- Implement network intrusion detection rules to identify QUIC ClientHello messages with malformed or suspicious cipher suite identifiers
- Deploy crash analysis tools to capture and analyze core dumps from affected services
- Use application performance monitoring (APM) to detect unexpected service restarts or availability issues
Monitoring Recommendations
- Enable detailed logging for QUIC handshake operations in affected applications
- Configure alerting for repeated process crashes or service restarts in QUIC-enabled endpoints
- Monitor network traffic for unusual patterns in QUIC connection establishment attempts
- Implement health checks that can rapidly detect and report service unavailability
How to Mitigate CVE-2025-15468
Immediate Actions Required
- Identify all applications and services using OpenSSL versions 3.3 through 3.6 with QUIC protocol support enabled
- Audit application code to determine if SSL_CIPHER_find() is being called within client_hello_cb callbacks
- Apply the official OpenSSL patches immediately for production systems using affected configurations
- Consider temporarily disabling QUIC protocol support in critical services until patches can be applied
Patch Information
OpenSSL has released patches addressing this vulnerability. The fixes are available through the following commits:
- GitHub OpenSSL Commit Fix
- GitHub OpenSSL Commit Modification
- GitHub OpenSSL Commit Update
- GitHub OpenSSL Commit Change
Organizations should upgrade to the latest patched versions of OpenSSL 3.3, 3.4, 3.5, or 3.6 as applicable. See the OpenSSL Security Advisory for complete details on affected versions and remediation.
Workarounds
- If immediate patching is not possible, add explicit NULL checks in application code after calling SSL_CIPHER_find() before using the returned value
- Avoid calling SSL_CIPHER_find() in the client_hello_cb callback for QUIC connections until patches are applied
- Consider disabling QUIC protocol support and falling back to TLS for critical services as a temporary measure
- Implement rate limiting on incoming QUIC connections to reduce the impact of potential exploitation attempts
# Verify OpenSSL version and check if QUIC support is enabled
openssl version -a
# Check for vulnerable OpenSSL versions in installed packages (Debian/Ubuntu)
dpkg -l | grep openssl
# Check for vulnerable OpenSSL versions in installed packages (RHEL/CentOS)
rpm -qa | grep openssl
# Update OpenSSL to the latest patched version (Debian/Ubuntu)
sudo apt update && sudo apt upgrade openssl
# Update OpenSSL to the latest patched version (RHEL/CentOS)
sudo yum update openssl
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
