VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-9nmg-h851-gfcq

Essentials
Severities (20)
References (10)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-9nmg-h851-gfcq
Aliases	CVE-2025-9231
Summary	openssl: Timing side-channel in SM2 algorithm on 64 bit ARM
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-208	Observable Timing Discrepancy
CWE-385	Covert Timing Channel

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
epss	0.00022	https://api.first.org/data/v1/epss?cve=CVE-2025-9231
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe
ssvc	Track	https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe
cvssv3.1	6.5	https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698
ssvc	Track	https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698
cvssv3.1	6.5	https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4
ssvc	Track	https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4
cvssv3.1	6.5	https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2
ssvc	Track	https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2
cvssv3.1	6.5	https://openssl-library.org/news/secadv/20250930.txt
ssvc	Track	https://openssl-library.org/news/secadv/20250930.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-9231
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20250930.txt		https://openssl-library.org/news/secadv/20250930.txt
2396055		https://bugzilla.redhat.com/show_bug.cgi?id=2396055
567f64386e43683888212226824b6a179885a0fe		https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe
cba616c26ac8e7b37de5e77762e505ba5ca51698		https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698
eed5adc9f969d77c94f213767acbb41ff923b6f4		https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4
fc47a2ec078912b3e914fab5734535e76c4820c2		https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2
USN-7786-1		https://usn.ubuntu.com/7786-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/ Found at https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/ Found at https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/ Found at https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/ Found at https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Found at https://openssl-library.org/news/secadv/20250930.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:27:45Z/ Found at https://openssl-library.org/news/secadv/20250930.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.05928
EPSS Score	0.00022
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:36:23.313177+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9231.json	38.0.0