OpenSSL Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in our OpenSSL products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-15467

 

OpenSSL version: 3.6
OpenSSL version: 3.5
OpenSSL version: 3.4
OpenSSL version: 3.3
OpenSSL version: 3.0

 

CVE-2025-69419

 

OpenSSL version: 3.6
OpenSSL version: 3.5
OpenSSL version: 3.4
OpenSSL version: 3.3
OpenSSL version: 3.0
OpenSSL version: 1.1.1

 

 

Resolved Vulnerabilities

 

Stack buffer overflow vulnerability in the parsing of CMS AuthEnvelopedData in OpenSSL (CVE-2025-15467)
Out-of-bounds write vulnerability in PKCS12_get_friendlyname() in OpenSSL during UTF-8 conversion (CVE-2025-69419)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-15467

 

OpenSSL version: 3.6.1
OpenSSL version: 3.5.5
OpenSSL version: 3.4.4
OpenSSL version: 3.3.6
OpenSSL version: 3.0.19

 

CVE-2025-69419

 

OpenSSL version: 3.6.1
OpenSSL version: 3.5.5
OpenSSL version: 3.4.4
OpenSSL version: 3.3.6
OpenSSL version: 3.0.19
OpenSSL version: 1.1.1ze

 

 

References

 

[1] OpenSSL Security Advisory [27th January 2026]
https://openssl-library.org/news/secadv/20260127.txt