How to fix CVE-2025-68160?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is OpenSSL affected by CVE-2025-68160?

CVE-2025-68160 presents moderate security risk, a out-of-bounds write vulnerability rated CVSS 4.7. Exploitation could cause memory corruption or application crashes. A patch is available and should be applied during regular vulnerability management.

CVE-2025-68160

MEDIUM

2026-01-27 [email protected]

4.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch Released

Feb 02, 2026 - 18:36 nvd

Patch available

CVE Published

Jan 27, 2026 - 16:16 nvd

MEDIUM 4.7

Description

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

Analysis

Technical Context

Classified as CWE-787 (Out-of-bounds Write). Affects Openssl. Issue summary: Writing large, newline-free data into a BIO chain using the

line-buffering filter where the next BIO performs short writes can trigger

a heap-based out-of-bounds write.

Impact summary: This out-of-bounds write can cause memory corruption which

typically results in a crash, leading to Denial of Service for an application.

The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in

TLS/SSL data paths. In OpenSSL command-line applications, it is typically

only pushed

Affected Products

Vendor: Openssl. Product: Openssl.

Remediation

A vendor patch is available — apply it immediately. Enable ASLR, DEP/NX, and stack canaries where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +24

POC: 0

Vendor Status

CVE-2025-68160 vulnerability details – vuln.today

Back

CVE-2025-68160

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-68160

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code