[Vulnerability Alert] Critical Security Vulnerability Found in OpenSSL Library (CVE-2025-15467)

• Subject Explanation: [Vulnerability Alert] Critical Security Vulnerability Found in OpenSSL Library (CVE-2025-15467)

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202601-00000029
  • OpenSSL is an open-source encryption library primarily used for secure communication, SSL/TLS protocol implementation, and certificate management. It supports various encryption algorithms and is widely used in servers and applications.
  • Recently, OpenSSL released a security update to patch a critical security vulnerability (CVE-2025-15467, CVSS: 9.8). This is a heap buffer overflow vulnerability that may cause the program to terminate abnormally, triggering a Denial of Service (DoS) attack, or even potentially causing remote code execution.
• Impacted Platforms:
  • OpenSSL library versions from 3.6.0 to prior to 3.6.1
  • OpenSSL library versions from 3.5.0 to prior to 3.5.5
  • OpenSSL library versions from 3.4.0 to prior to 3.4.4
  • OpenSSL library versions from 3.3.0 to prior to 3.3.6
  • OpenSSL library versions from 3.0.0 to prior to 3.0.19
• Suggested Measures:
  • Please update to the following versions: OpenSSL library 3.6.1 (or later), OpenSSL library 3.5.5 (or later), OpenSSL library 3.4.4 (or later), OpenSSL library 3.3.6 (or later), OpenSSL library 3.0.19 (or later)
• References:
  1. https://www.twcert.org.tw/tw/cp-169-10692-38c40-1.html

Computer and Communication Center Network Systems Division