
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

Security Affairs, 29/01/2026, 08:35

Summary

AI-Generated

Key Points:

  • OpenSSL has released security updates addressing 12 vulnerabilities, including two critical remote code execution (RCE) flaws.
  • The vulnerabilities primarily affect OpenSSL versions 3.0–3.6 and can lead to denial of service (DoS) or RCE, impacting systems that utilize the library for cryptographic functions.
  • Update OpenSSL to the latest version immediately to mitigate these vulnerabilities.

Technical Details: The most severe vulnerabilities are CVE-2025-15467, a stack overflow during AEAD parsing, and CVE-2025-11187, a stack overflow in PBMAC1 during MAC verification. Both can potentially lead to RCE under specific conditions.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned
