OpenSSL has a critical unauthenticated RCE vulnerability, CVE-2025-15467
On January 27, 2026, OpenSSL released a security update. The release fixed 12 vulnerabilities, but CVE-2025-15467 is especially dangerous because it may allow remote code execution (RCE) without authentication.
Vulnerability Overview
| Item | Details |
|---|---|
| CVE | CVE-2025-15467 |
| Severity | High |
| Type | Stack buffer overflow |
| Affected versions | OpenSSL 3.0, 3.3, 3.4, 3.5, 3.6 |
| Disclosure date | January 27, 2026 |
OpenSSL 1.1.1 and 1.0.2 are not affected.
CVE-2025-15467: Stack overflow in CMS AuthEnvelopedData
Technical details
The issue occurs when processing CMS (Cryptographic Message Syntax) AuthEnvelopedData messages, specifically when AEAD ciphers such as AES-GCM are used.
The problem is in the handling of the initialization vector (IV). When the IV decoded from ASN.1 parameters is copied into a fixed-size stack buffer, its length is not validated. An attacker can send a crafted CMS message containing an oversized IV and trigger a stack-based buffer overflow.
```
Parse CMS AuthEnvelopedData
└─ Process AEAD parameters
   └─ Copy IV into fixed-size buffer ← no length validation
      └─ Stack buffer overflow
```
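The missing step in the flow above, as an added example (not OpenSSL's code and not from the original article): a simplified C model that reads the IV from a DER OCTET STRING and rejects it when it is longer than the destination buffer. The 16-byte buffer size, the names `der_octet_string` and `load_iv`, the status codes and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IV_BUF_LEN 16 /* assumed size of the fixed IV buffer */
enum { IV_OK = 0, IV_MALFORMED = -1, IV_TOO_LONG = -2 };
/* Constructed samples: a 12-byte IV and an oversized 32-byte IV. */
const uint8_t sample_ok[14] = {0x04, 0x0c, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
const uint8_t sample_big[34] = {0x04, 0x20}; /* content zero-filled */

/* Locate the content of a DER OCTET STRING (tag 0x04). Accepts short-form
 * lengths and long-form lengths of one or two bytes; rejects the rest. */
static int der_octet_string(const uint8_t *in, size_t in_len,
                            const uint8_t **content, size_t *content_len)
{
    size_t pos = 2, len;
    if (in_len < 2 || in[0] != 0x04)
        return IV_MALFORMED;
    if (in[1] < 0x80) {
        len = in[1];
    } else if (in[1] == 0x81 && in_len >= 3) {
        len = in[2]; pos = 3;
    } else if (in[1] == 0x82 && in_len >= 4) {
        len = ((size_t)in[2] << 8) | in[3]; pos = 4;
    } else {
        return IV_MALFORMED;
    }
    if (len > in_len - pos) /* declared length runs past the input */
        return IV_MALFORMED;
    *content = in + pos;
    *content_len = len;
    return IV_OK;
}

/* Copy the IV only after checking its message-supplied length. */
int load_iv(const uint8_t *der, size_t der_len,
            uint8_t iv_out[IV_BUF_LEN], size_t *iv_len)
{
    const uint8_t *iv;
    size_t len;
    int rc = der_octet_string(der, der_len, &iv, &len);
    if (rc != IV_OK)
        return rc;
    if (len > IV_BUF_LEN) /* the validation step the flow above lacks */
        return IV_TOO_LONG;
    memcpy(iv_out, iv, len);
    *iv_len = len;
    return IV_OK;
}
```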
Why it is dangerous
What makes this vulnerability especially serious is that the overflow occurs before authentication, so an attacker needs no valid key material or credentials to trigger it. Applications that process S/MIME AuthEnvelopedData or PKCS#7 content are potential targets.
Expected impact
- DoS: process crash
- RCE: arbitrary code execution may be possible depending on exploit sophistication
CVE-2025-11187: Buffer overflow in PKCS#12 verification
This is another vulnerability fixed in the same release.
| Item | Details |
|---|---|
| CVE | CVE-2025-11187 |
| Severity | Moderate |
| Type | Stack buffer overflow |
During PKCS#12 file verification, a stack overflow occurs when the key length exceeds 64 bytes.
Affected versions and fixes
| Current version | Update to |
|---|---|
| 3.6.x | 3.6.1 |
| 3.5.x | 3.5.5 |
| 3.4.x | 3.4.4 |
| 3.3.x | 3.3.6 |
| 3.0.x | 3.0.19 |
The FIPS module is not affected because the CMS implementation sits outside the FIPS module boundary.
Check your version
```bash
openssl version
```
How to update
Update through your distribution’s package manager.
```bash
# Ubuntu/Debian
sudo apt update && sudo apt upgrade openssl

# RHEL/CentOS/Fedora
sudo dnf update openssl

# macOS (Homebrew)
brew upgrade openssl
```
If you build from source, get the latest release from OpenSSL Downloads.
AI discovered all 12 vulnerabilities
According to reports, all 12 vulnerabilities fixed in this release were discovered by AI systems from Aisle Research. This is being highlighted as a notable example of AI in security research.