{"id":"CVE-2025-9230","details":"Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.","modified":"2026-04-24T06:42:50.481015960Z","published":"2025-09-30T14:15:41.050Z","related":["ALSA-2025:21248","ALSA-2025:21255","ALSA-2026:0337","ALSA-2026:2776","CGA-3564-hcr3-rwcx","SUSE-SU-2025:03437-1","SUSE-SU-2025:03438-1","SUSE-SU-2025:03439-1","SUSE-SU-2025:03440-1","SUSE-SU-2025:03441-1","SUSE-SU-2025:03442-1","SUSE-SU-2025:03443-1","SUSE-SU-2025:03463-1","SUSE-SU-2025:03464-1","SUSE-SU-2025:03522-1","SUSE-SU-2025:03523-1","SUSE-SU-2025:03546-1","SUSE-SU-2025:03586-1","SUSE-SU-2025:03630-1","SUSE-SU-2025:03632-1","SUSE-SU-2025:03635-1","SUSE-SU-2025:20867-1","SUSE-SU-2025:20896-1","SUSE-SU-2025:20910-1","SUSE-SU-2025:21213-1","SUSE-SU-2025:21224-1","SUSE-SU-2025:3758-1","SUSE-SU-2025:3917-1","SUSE-SU-2025:4126-1","SUSE-SU-2026:20542-1","SUSE-SU-2026:20607-1","openSUSE-SU-2025:15723-1","openSUSE-SU-2025:20164-1","openSUSE-SU-2026:10237-1"],"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/09/30/5"},{"type":"WEB","url":"https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3"},{"type":"WEB","url":"https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html"},{"type":"WEB","url":"https://openssl-library.org/news/secadv/20250930.txt"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"0"},{"fixed":"5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45"},{"fixed":"9e91358f365dee6c446dcdcdb01c04d2743fd280"},{"fixed":"a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def"},{"fixed":"b5282d677551afda7d20e9c00e09561b547b2dfd"},{"fixed":"bae259a211ada6315dc50900686daaaaaa55f482"}],"database_specific":{"source":"REFERENCES"}}],"versions":["BEFORE_engine","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.0-alpha1","openssl-3.0.0-alpha10","openssl-3.0.0-alpha11","openssl-3.0.0-alpha12","openssl-3.0.0-alpha13","openssl-3.0.0-alpha14","openssl-3.0.0-alpha15","openssl-3.0.0-alpha16","openssl-3.0.0-alpha17","openssl-3.0.0-alpha2","openssl-3.0.0-alpha3","openssl-3.0.0-alpha4","openssl-3.0.0-alpha5","openssl-3.0.0-alpha6","openssl-3.0.0-alpha7","openssl-3.0.0-alpha8","openssl-3.0.0-alpha9","openssl-3.0.0-beta1","openssl-3.0.0-beta2","openssl-3.0.1","openssl-3.0.10","openssl-3.0.11","openssl-3.0.12","openssl-3.0.13","openssl-3.0.14","openssl-3.0.15","openssl-3.0.16","openssl-3.0.17","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.2.0","openssl-3.2.0-alpha1","openssl-3.2.0-alpha2","openssl-3.2.0-beta1","openssl-3.2.1","openssl-3.2.2","openssl-3.2.3","openssl-3.2.4","openssl-3.2.5","openssl-3.3.0","openssl-3.3.0-alpha1","openssl-3.3.0-beta1","openssl-3.3.1","openssl-3.3.2","openssl-3.3.3","openssl-3.3.4","openssl-3.4.0","openssl-3.4.0-alpha1","openssl-3.4.0-beta1","openssl-3.4.1","openssl-3.4.2","openssl-3.5.0","openssl-3.5.0-alpha1","openssl-3.5.0-beta1","openssl-3.5.1","openssl-3.5.2","openssl-3.5.3"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd","id":"CVE-2025-9230-02ac5e29","digest":{"function_hash":"310610205993824721719603100162943190325","length":972},"deprecated":false,"target":{"function":"kek_unwrap_key","file":"crypto/cms/cms_pwri.c"},"signature_type":"Function","signature_version":"v1"},{"target":{"function":"kek_unwrap_key","file":"crypto/cms/cms_pwri.c"},"source":"https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280","id":"CVE-2025-9230-134dc0c5","deprecated":false,"digest":{"function_hash":"288064464402476319748160412689280795960","length":999},"signature_type":"Function","signature_version":"v1"},{"deprecated":false,"target":{"file":"crypto/cms/cms_pwri.c"},"source":"https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45","id":"CVE-2025-9230-1da9f3c5","digest":{"threshold":0.9,"line_hashes":["124769319290588086665690307418488388621","248160723357739374133130242560886678241","25075001972745786862817024082550910254","166874394665713222959053304017234534031"]},"signature_type":"Line","signature_version":"v1"},{"deprecated":false,"target":{"function":"kek_unwrap_key","file":"crypto/cms/cms_pwri.c"},"source":"https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482","id":"CVE-2025-9230-2760fe4d","digest":{"function_hash":"288064464402476319748160412689280795960","length":999},"signature_type":"Function","signature_version":"v1"},{"source":"https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482","id":"CVE-2025-9230-29a45c4a","digest":{"line_hashes":["124769319290588086665690307418488388621","248160723357739374133130242560886678241","25075001972745786862817024082550910254","166874394665713222959053304017234534031"],"threshold":0.9},"deprecated":false,"target":{"file":"crypto/cms/cms_pwri.c"},"signature_type":"Line","signature_version":"v1"},{"id":"CVE-2025-9230-77f4530c","digest":{"function_hash":"288064464402476319748160412689280795960","length":999},"source":"https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45","deprecated":false,"target":{"function":"kek_unwrap_key","file":"crypto/cms/cms_pwri.c"},"signature_type":"Function","signature_version":"v1"},{"deprecated":false,"target":{"file":"crypto/cms/cms_pwri.c"},"source":"https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def","id":"CVE-2025-9230-b30ec3d2","digest":{"threshold":0.9,"line_hashes":["124769319290588086665690307418488388621","248160723357739374133130242560886678241","25075001972745786862817024082550910254","166874394665713222959053304017234534031"]},"signature_type":"Line","signature_version":"v1"},{"deprecated":false,"target":{"file":"crypto/cms/cms_pwri.c"},"source":"https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280","id":"CVE-2025-9230-c655c213","digest":{"line_hashes":["124769319290588086665690307418488388621","248160723357739374133130242560886678241","25075001972745786862817024082550910254","166874394665713222959053304017234534031"],"threshold":0.9},"signature_type":"Line","signature_version":"v1"},{"signature_version":"v1","id":"CVE-2025-9230-de9b80a6","digest":{"line_hashes":["124769319290588086665690307418488388621","248160723357739374133130242560886678241","25075001972745786862817024082550910254","166874394665713222959053304017234534031"],"threshold":0.9},"deprecated":false,"target":{"file":"crypto/cms/cms_pwri.c"},"signature_type":"Line","source":"https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd"},{"target":{"function":"kek_unwrap_key","file":"crypto/cms/cms_pwri.c"},"source":"https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def","id":"CVE-2025-9230-ed8aba81","deprecated":false,"digest":{"function_hash":"172635788243436732217564297134980327366","length":1026},"signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T03:28:59Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-9230.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}