OpenSSL patches critical flaw allowing potential remote code execution.
OpenSSL issued updates fixing 12 vulnerabilities, including a high‑severity stack buffer overflow that could allow crashes or remote code execution when parsing certain CMS structures. The flaw, CVE‑2025‑15467, stems from copying oversized initialization vectors into a fixed‑size buffer before authentication checks occur. A second bug, CVE‑2025‑11187, can also lead to denial‑of‑service or possible code execution, while the remaining issues are lower‑severity problems largely tied to crashes or information exposure. All were discovered by Aisle, which also identified several additional flaws that were resolved before reaching a public release.
Read more:
https://www.securityweek.com/high-severity-remote-code-execution-vulnerability-patched-in-openssl/
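The bug class described for CVE‑2025‑15467, an attacker-supplied IV length copied into a fixed-size buffer before any authentication check, is closed by bounding the declared length before the copy. The C sketch below is an added example, not OpenSSL's code or its patch; the one-byte-length record layout, the names `read_iv` and `IV_BUF_LEN`, and the sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IV_BUF_LEN 16  /* hypothetical fixed buffer size for this sketch */

enum iv_status { IV_OK = 0, IV_TRUNCATED = -1, IV_OVERSIZED = -2 };

/* Constructed record layout (not the CMS/ASN.1 encoding):
 *   [1 byte: declared IV length][IV bytes][remaining payload]
 * The declared length is untrusted and is read before any
 * authentication tag can be verified, so it must be bounded here. */
enum iv_status read_iv(const uint8_t *rec, size_t rec_len,
                       uint8_t iv[IV_BUF_LEN], size_t *iv_len)
{
    if (rec == NULL || rec_len < 1)
        return IV_TRUNCATED;

    size_t declared = rec[0];

    /* Bound against the destination first: without this test the
     * memcpy below would write past iv[] when declared > IV_BUF_LEN. */
    if (declared > IV_BUF_LEN)
        return IV_OVERSIZED;

    /* Bound against the source so the copy never reads past the record. */
    if (declared > rec_len - 1)
        return IV_TRUNCATED;

    memcpy(iv, rec + 1, declared);
    *iv_len = declared;
    return IV_OK;
}

/* Constructed sample records. */
static const uint8_t REC_GOOD[]      = { 12, 0,1,2,3,4,5,6,7,8,9,10,11, 0xAA };
static const uint8_t REC_OVERSIZED[] = { 64, 0,1,2,3 };  /* claims 64 > 16 */
static const uint8_t REC_TRUNCATED[] = { 16, 0,1,2,3 };  /* claims 16, has 4 */

int main(void)
{
    uint8_t iv[IV_BUF_LEN];
    size_t n = 0;
    return read_iv(REC_GOOD, sizeof REC_GOOD, iv, &n) == IV_OK ? 0 : 1;
}
```

Rejecting the record at parse time means the oversized length never reaches the copy, regardless of whether a later authentication check would have failed.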