Advisory

OpenSSL Patches 12 Vulnerabilities Including One Critical RCE

Take action: Review your OpenSSL libraries, and start planning a patch. Prioritize 3.x versions since they are exposed to the critical flaw.

The OpenSSL Project released a major security advisory on January 27, 2026, addressing 12 vulnerabilities across multiple versions of the cryptographic library. The most severe issue is a critical stack-based buffer overflow that allows an unauthenticated attacker to execute arbitrary code or trigger crashes.

Summary of vulnerabilities:

  • CVE-2025-15467 (CVSS score 9.8) - A stack buffer overflow in CMS AuthEnvelopedData parsing that occurs when processing AEAD parameters with an oversized Initialization Vector (IV). Attackers can send a crafted CMS message to trigger an out-of-bounds write before any authentication or tag verification takes place. This allows for remote code execution or a denial-of-service without requiring valid keys or credentials.
  • CVE-2025-11187 (CVSS score 6.1) - A moderate vulnerability involving improper validation of PBMAC1 parameters in PKCS#12 files. By providing an attacker-controlled keylength value that exceeds the 64-byte fixed stack buffer, a malicious file can trigger a buffer overflow or NULL pointer dereference. This results in a process crash or potential code execution when an application parses untrusted PKCS#12 content.
  • CVE-2025-15468 (CVSS score 5.9) - A NULL pointer dereference in the SSL_CIPHER_find() function affecting QUIC protocol implementations. The flaw is triggered when a client or server receives an unknown cipher suite ID from a peer, causing the application to terminate abnormally.
  • CVE-2025-66199 (CVSS score 5.9) - A resource exhaustion vulnerability in TLS 1.3 certificate compression that allows attackers to force large heap buffer allocations. By supplying a large uncompressed length value in a CompressedCertificate message, an attacker can cause per-connection allocations of up to 22 MiB, leading to service degradation.
  • CVE-2025-15469 (CVSS score 5.5) - An integrity gap in the openssl dgst command-line tool, which silently truncates input data exceeding 16 MB when using one-shot signing algorithms such as Ed25519. Because the tool reports success despite ignoring the trailing bytes, attackers could modify the unauthenticated portion of a large file without detection.

Other vulnerabilities enable memory corruption through heap out-of-bounds writes (CVE-2025-68160) and type confusion during TimeStamp Response verification (CVE-2025-69420).

The security flaws affect OpenSSL versions 3.0 through 3.6, as well as the legacy 1.1.1 and 1.0.2 versions. The critical CVE-2025-15467 impacts the entire 3.x branch. The FIPS modules themselves are not affected because the vulnerable code resides outside the FIPS boundary, but applications using these libraries remain susceptible to attack. Legacy versions 1.1.1 and 1.0.2 are primarily affected by lower-severity issues such as the line-buffering filter overflow.

Organizations should prioritize upgrading to patched versions, which include OpenSSL 3.6.1, 3.5.5, 3.4.4, 3.3.6, and 3.0.19.

For those on premium support contracts, versions 1.1.1ze and 1.0.2zn have been made available. As a temporary mitigation for the certificate compression risk, administrators can set the SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option. The only effective defense against the critical CMS and PKCS#12 overflows is applying the patches.
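To turn the "review your OpenSSL libraries" action item into a repeatable check, the following added example (not code from the OpenSSL Project or this advisory) classifies `openssl version` output against the fixed releases listed above, including the premium-support 1.1.1ze and 1.0.2zn builds. The suffix-ordering rule for 1.x releases (z, za, zb, ...) and the treatment of branches with no fixed release in the advisory (3.1, 3.2) are assumptions made by this example.

```python
import re

# Minimum fixed release per branch, as listed in the advisory summarised above
# (1.1.1ze and 1.0.2zn are the premium-support releases).
FIXED = {
    "3.6": "3.6.1",
    "3.5": "3.5.5",
    "3.4": "3.4.4",
    "3.3": "3.3.6",
    "3.0": "3.0.19",
    "1.1.1": "1.1.1ze",
    "1.0.2": "1.0.2zn",
}

VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_version(text):
    """Extract (major, minor, patch, letters) from `openssl version` output."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, letters = m.groups()
    return (int(major), int(minor), int(patch), letters)

def version_key(v):
    # 1.x releases carry letter suffixes that run ..., y, z, za, zb, ..., so a
    # longer suffix is always newer; equal-length suffixes compare alphabetically.
    major, minor, patch, letters = v
    return (major, minor, patch, len(letters), letters)

def branch_of(v):
    major, minor, patch, _ = v
    return f"{major}.{minor}.{patch}" if major == 1 else f"{major}.{minor}"

def assess(text):
    """Classify one `openssl version` line as patched, vulnerable,
    no-fix-listed (branch absent from the advisory's fixed list) or unparsed."""
    v = parse_version(text)
    if v is None:
        return ("unparsed", text.strip())
    branch = branch_of(v)
    fixed = FIXED.get(branch)
    if fixed is None:
        return ("no-fix-listed", branch)
    if version_key(v) >= version_key(parse_version("OpenSSL " + fixed)):
        return ("patched", fixed)
    return ("vulnerable", fixed)
```

Feed each host's `openssl version` line to `assess`; a `no-fix-listed` result means the branch needs an upgrade to a branch that has a fixed release rather than a point update.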