CVE-2025-9230

ADVISORY - nist

Summary

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

EPSS Score: 0.00034 (0.093)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Out-of-bounds Read

Out-of-bounds Write


Alpine

ADVISORY ID: CVE-2025-9230
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
RATING UNAVAILABLE FROM ADVISORY

| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| alpine/openssl | apk | alpine | 3.20 | <3.3.5-r0 | 3.3.5-r0 |
| alpine/openssl | apk | alpine | 3.20 | <3.3.5-r0 | 3.3.5-r0 |
| alpine/libressl | apk | alpine | 3.23 | <4.1.1-r0 | 4.1.1-r0 |
| alpine/libressl | apk | alpine | edge | <4.1.1-r0 | 4.1.1-r0 |
| alpine/openssl | apk | alpine | edge | <3.5.4-r0 | 3.5.4-r0 |
| alpine/openssl | apk | alpine | edge | <3.5.4-r0 | 3.5.4-r0 |
| alpine/openssl | apk | alpine | edge | <=3.3.2-r4 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.3.2-r5 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.3.2-r6 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.3.3-r0 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.5.0-r0 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.5.1-r0 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.5.2-r0 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.5.3-r0 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.5.3-r1 | Not yet available |
| alpine/openssl | apk | alpine | edge | <=3.5.3-r2 | Not yet available |
| alpine/openssl | apk | alpine | 3.21 | <3.3.5-r0 | 3.3.5-r0 |
| alpine/openssl | apk | alpine | 3.21 | <=3.3.2-r4 | Not yet available |
| alpine/openssl | apk | alpine | 3.21 | <=3.3.2-r5 | Not yet available |
| alpine/openssl | apk | alpine | 3.21 | <=3.3.2-r6 | Not yet available |
| alpine/openssl | apk | alpine | 3.21 | <=3.3.3-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.21 | <=3.3.4-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.19 | <3.1.8-r1 | 3.1.8-r1 |
| alpine/openssl | apk | alpine | 3.20 | <=3.3.2-r1 | Not yet available |
| alpine/openssl | apk | alpine | 3.20 | <=3.3.2-r2 | Not yet available |
| alpine/openssl | apk | alpine | 3.20 | <=3.3.3-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.20 | <=3.3.4-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.23 | <3.5.4-r0 | 3.5.4-r0 |
| alpine/openssl | apk | alpine | 3.22 | <3.5.4-r0 | 3.5.4-r0 |
| alpine/openssl | apk | alpine | 3.22 | <=3.5.0-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.22 | <=3.5.1-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.22 | <=3.5.2-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.22 | <=3.5.3-r0 | Not yet available |
| alpine/openssl | apk | alpine | 3.22 | <=3.5.3-r1 | Not yet available |
| alpine/openssl | apk | alpine | 3.22 | <3.5.4-r0 | 3.5.4-r0 |
| alpine/openssl | apk | alpine | 3.21 | <3.3.5-r0 | 3.3.5-r0 |

Severity and metrics

No CVSS data available from this advisory.

NIST

ADVISORY ID: CVE-2025-9230
EXPLOITABILITY SCORE: 3.9
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE: 7.5 (high)

Debian

ADVISORY ID: CVE-2025-9230
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

ADVISORY ID: CVE-2025-9230
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: N/A (medium)

Amazon

EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: N/A (medium)

Chainguard

ADVISORY ID: CGA-3w65-8r9h-75gq
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
RATING UNAVAILABLE FROM ADVISORY

Photon

ADVISORY ID: CVE-2025-9230
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: 7.5 (high)

minimos

ADVISORY ID: MINI-547w-mfp7-933m
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
RATING UNAVAILABLE FROM ADVISORY

minimos

ADVISORY ID: MINI-ppc3-98mh-q4wq
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
RATING UNAVAILABLE FROM ADVISORY