OpenSSL Security Update Advisory (CVE-2025-9230)

Overview

 

We have released a security update to address a vulnerability in OpenSSL. Users of affected products are advised to update to the latest version.

 

 

Affected Products

 

CVE-2025-9230

 

OpenSSL Version: 3.5.0 or higher but lower than 3.5.4
OpenSSL version: 3.4.0 or higher but lower than 3.4.3
OpenSSL version: 3.3.0 or higher but lower than 3.3.5
OpenSSL version: 3.2.0 or later but less than 3.2.6
OpenSSL version: 3.0.0 or higher but lower than 3.0.18
OpenSSL version: 1.1.1 or later but less than 1.1.1zd
OpenSSL version: 1.0.2 or later but less than 1.0.2zm

 

 

Resolved Vulnerabilities

 

Out-of-bounds read and write vulnerability in OpenSSL’s implementation of RFC-3211 KEK Unwrap (CVE-2025-9230)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-9230

 

OpenSSL Version: 3.5.4 
OpenSSL version: 3.4.3 
OpenSSL version: 3.3.5 
OpenSSL version: 3.2.6 
OpenSSL version: 3.0.18 
OpenSSL version: 1.1.1zd 
OpenSSL version: 1.0.2zm

 

 

References

 

[1] OpenSSL Security Advisory [30th September 2025]
https://openssl-library.org/news/secadv/20250930.txt