What is the CVSS score of CVE-2025-68160?

CVE-2025-68160 has a CVSS 3.1 base score of 4.7 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of OpenSSL are affected by CVE-2025-68160?

CVE-2025-68160 presents moderate security risk, a out-of-bounds write vulnerability rated CVSS 4.7. Exploitation could cause memory corruption or application crashes.. A patch is available.

How to fix or mitigate CVE-2025-68160?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

OpenSSL CVE-2025-68160

MEDIUM

Out-of-bounds Write (CWE-787)

2026-01-27 openssl-security@openssl.org

Buffer Overflow Denial Of Service Memory Corruption OpenSSL

4.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch released

Feb 02, 2026 - 18:36 nvd

Patch available

CVE Published

Jan 27, 2026 - 16:16 nvd

MEDIUM 4.7

DescriptionNVD

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.

Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.

The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.

AnalysisAI

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. [CVSS 4.7 MEDIUM]

Technical ContextAI

Classified as CWE-787 (Out-of-bounds Write). Affects Openssl. Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write.

Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application.

The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed

RemediationAI

A vendor patch is available — apply it immediately. Enable ASLR, DEP/NX, and stack canaries where possible.

Vendor StatusVendor

CVE-2025-68160 vulnerability details – vuln.today

Back

OpenSSL CVE-2025-68160

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Share

External POC / Exploit Code