
OpenSSL Vulnerabilities in Versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, and 1.1.1zd

1 unique sources, 1 articles

Summary


The OpenSSL Project has released updates to fix three vulnerabilities in multiple versions of the OpenSSL library. The vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, allow for private key recovery, arbitrary code execution, and denial-of-service (DoS) attacks. The most severe flaw, CVE-2025-9231, affects the SM2 algorithm implementation on 64-bit ARM platforms, potentially enabling attackers to recover private keys and decrypt encrypted traffic or conduct man-in-the-middle (MitM) attacks. The other two vulnerabilities, CVE-2025-9230 and CVE-2025-9232, have moderate and low severity ratings, respectively. The vulnerabilities were discovered in versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, and 1.1.1zd of the OpenSSL library. The updates are available for immediate deployment to mitigate the risks associated with these vulnerabilities.

Timeline

  1. 01.10.2025 16:59 1 articles · 9h ago

    OpenSSL Releases Patches for Three Vulnerabilities in Multiple Versions

    The OpenSSL Project has released updates for versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, and 1.1.1zd to address three vulnerabilities. CVE-2025-9231 allows private key recovery on 64-bit ARM platforms using the SM2 algorithm, potentially enabling decryption of encrypted traffic and MitM attacks. CVE-2025-9230 is an out-of-bounds read/write issue that can lead to arbitrary code execution or DoS attacks. CVE-2025-9232 is a low-severity vulnerability that can cause crashes resulting in DoS conditions. These updates are essential for mitigating the risks associated with these vulnerabilities.


Information Snippets