How to fix CVE-2025-15467?

Within 24 hours: Identify all systems running vulnerable CMS versions and assess exposure in production environments. Within 7 days: Apply the available vendor patch to all affected systems in a phased approach, starting with internet-facing and critical infrastructure. Within 30 days: Complete patching across all systems and validate remediation through security testing.

Is OpenSSL affected by CVE-2025-15467?

A critical vulnerability (CVE-2025-15467) in CMS message parsing could allow attackers to crash systems or execute malicious code through specially crafted messages, affecting any organization using vulnerable CMS implementations.

CVE-2025-15467

CRITICAL

2026-01-27 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch Released

Feb 25, 2026 - 22:16 nvd

Patch available

CVE Published

Jan 27, 2026 - 16:16 nvd

CRITICAL 9.8

Description

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Analysis

OpenSSL has a critical out-of-bounds write when parsing CMS AuthEnvelopedData/EnvelopedData with malicious AEAD parameters, enabling potential RCE.

Technical Context

OpenSSL has a CWE-787 out-of-bounds write when parsing CMS messages with maliciously crafted AEAD parameters. This affects any application processing CMS/PKCS#7 messages.

Affected Products

['OpenSSL (affected versions)']

Remediation

Update OpenSSL immediately. This is a high-impact vulnerability affecting the most widely-used TLS library.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.0

CVSS: +49

POC: 0

Vendor Status

CVE-2025-15467 vulnerability details – vuln.today

Back

CVE-2025-15467

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-15467

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code