OpenSSL has released new versions to address three vulnerabilities, including issues that could potentially enable attackers to recover private keys or execute arbitrary code. These updates enhance the security of many applications and services relying on OpenSSL for encrypted communications. #OpenSSL #CVEs2025_9230_9231_9232
Key points
- OpenSSL released versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, and 1.1.1zd to fix vulnerabilities.
- Three vulnerabilities, CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, are addressed in these updates.
- CVE-2025-9231 may allow attackers to recover private keys, primarily affecting 64-bit ARM platforms that use the SM2 algorithm.
- CVE-2025-9230 involves an out-of-bounds read/write that can lead to arbitrary code execution or Denial of Service (DoS).
- The vulnerabilities’ overall severity is moderate to low, with most fixes increasing OpenSSL’s resilience against attacks like MitM and DoS.
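As an added example (not part of the original summary), a shell check that maps an OpenSSL version string to its release branch and compares it against the fixed releases listed above; it assumes a plain `openssl version` string and knows only the branches the summary names.

```bash
#!/usr/bin/env bash
# Added example: does a reported OpenSSL version already contain the fixes for
# CVE-2025-9230/9231/9232? Assumption: only the fixed-release list above is used.
set -eu
fixed_for_branch() {   # branch -> first fixed release, taken from the summary
  case "$1" in
    3.5) echo 3.5.4 ;;   3.4) echo 3.4.3 ;;   3.3) echo 3.3.5 ;;
    3.2) echo 3.2.6 ;;   3.0) echo 3.0.18 ;;
    1.1.1) echo 1.1.1zd ;;   1.0.2) echo 1.0.2zm ;;
    *) return 1 ;;
  esac
}
# "1.1.1zd" -> "1 1 1 30", "3.0.18" -> "3 0 18 0". The 1.x letter suffix is
# summed (a=1..z=26, za=27, ...), which matches OpenSSL's a..z, za..zz ordering.
version_key() {
  local v="$1" major minor patch letters n=0 c
  IFS=. read -r major minor patch <<EOF
$v
EOF
  letters="${patch#"${patch%%[a-z]*}"}"; patch="${patch%%[a-z]*}"
  while [ -n "$letters" ]; do
    c="${letters%"${letters#?}"}"; letters="${letters#?}"
    n=$(( n + $(printf '%d' "'$c") - 96 ))
  done
  echo "$major $minor ${patch:-0} $n"
}
branch_of() {          # 3.x branches are MAJ.MIN, 1.x branches are MAJ.MIN.PATCH
  set -- $(version_key "$1"); [ "$1" -ge 3 ] && echo "$1.$2" || echo "$1.$2.$3"
}
version_ge() {         # 0 if $1 >= $2, comparing the four key fields left to right
  local b x; b=$(version_key "$2"); set -- $(version_key "$1")
  for x in $b; do
    [ "$1" -gt "$x" ] && return 0
    [ "$1" -lt "$x" ] && return 1
    shift
  done
  return 0
}
openssl_has_fix() {    # 0 = fixed, 1 = affected release, 2 = branch not in the summary
  local fixed; fixed=$(fixed_for_branch "$(branch_of "$1")") || return 2
  version_ge "$1" "$fixed"
}
# Demo: check the installed binary when one exists (a version argument overrides it).
v="${1:-$(command -v openssl >/dev/null && openssl version | awk '{print $2}' || true)}"
if [ -n "$v" ]; then
  openssl_has_fix "$v" && echo "$v: fixed" || echo "$v: affected or unlisted (rc=$?)"
fi
```

Run it as `./check.sh 3.0.17` to test an arbitrary version string, or without arguments to check the local `openssl` binary.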