Vulnerability details: VCID-d4rs-rag3-cfcy
Vulnerability ID VCID-d4rs-rag3-cfcy
Aliases CVE-2025-15467
Summary openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Weaknesses (2)
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15467.json
epss 0.00705 https://api.first.org/data/v1/epss?cve=CVE-2025-15467
epss 0.00819 https://api.first.org/data/v1/epss?cve=CVE-2025-15467
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
ssvc Track* https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
cvssv3.1 8.8 https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
ssvc Track* https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
cvssv3.1 8.8 https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
ssvc Track* https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
cvssv3.1 8.8 https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
ssvc Track* https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
cvssv3.1 8.8 https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
ssvc Track* https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
cvssv3.1 8.8 https://openssl-library.org/news/secadv/20260127.txt
ssvc Track* https://openssl-library.org/news/secadv/20260127.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15467.json
https://api.first.org/data/v1/epss?cve=CVE-2025-15467
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20260127.txt https://openssl-library.org/news/secadv/20260127.txt
2430376 https://bugzilla.redhat.com/show_bug.cgi?id=2430376
2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703 https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
5f26d4202f5b89664c5c3f3c62086276026ba9a9 https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3 https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
ce39170276daec87f55c39dad1f629b56344429e https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
d0071a0799f20cc8101730145349ed4487c268dc https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
RHSA-2026:1472 https://access.redhat.com/errata/RHSA-2026:1472
RHSA-2026:1473 https://access.redhat.com/errata/RHSA-2026:1473
RHSA-2026:1496 https://access.redhat.com/errata/RHSA-2026:1496
RHSA-2026:1503 https://access.redhat.com/errata/RHSA-2026:1503
RHSA-2026:1519 https://access.redhat.com/errata/RHSA-2026:1519
RHSA-2026:1594 https://access.redhat.com/errata/RHSA-2026:1594
RHSA-2026:1733 https://access.redhat.com/errata/RHSA-2026:1733
RHSA-2026:1736 https://access.redhat.com/errata/RHSA-2026:1736
RHSA-2026:2072 https://access.redhat.com/errata/RHSA-2026:2072
RHSA-2026:2077 https://access.redhat.com/errata/RHSA-2026:2077
RHSA-2026:2485 https://access.redhat.com/errata/RHSA-2026:2485
RHSA-2026:2563 https://access.redhat.com/errata/RHSA-2026:2563
RHSA-2026:2633 https://access.redhat.com/errata/RHSA-2026:2633
RHSA-2026:2659 https://access.redhat.com/errata/RHSA-2026:2659
RHSA-2026:2671 https://access.redhat.com/errata/RHSA-2026:2671
RHSA-2026:2844 https://access.redhat.com/errata/RHSA-2026:2844
RHSA-2026:2974 https://access.redhat.com/errata/RHSA-2026:2974
RHSA-2026:2995 https://access.redhat.com/errata/RHSA-2026:2995
RHSA-2026:3228 https://access.redhat.com/errata/RHSA-2026:3228
RHSA-2026:3415 https://access.redhat.com/errata/RHSA-2026:3415
RHSA-2026:3461 https://access.redhat.com/errata/RHSA-2026:3461
RHSA-2026:3462 https://access.redhat.com/errata/RHSA-2026:3462
RHSA-2026:4419 https://access.redhat.com/errata/RHSA-2026:4419
RHSA-2026:4943 https://access.redhat.com/errata/RHSA-2026:4943
RHSA-2026:6481 https://access.redhat.com/errata/RHSA-2026:6481
USN-7980-1 https://usn.ubuntu.com/7980-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15467.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/ Found at https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/ Found at https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/ Found at https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/ Found at https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/ Found at https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://openssl-library.org/news/secadv/20260127.txt
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-19T18:39:38Z/ Found at https://openssl-library.org/news/secadv/20260127.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.72078
EPSS Score 0.00705
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:32:16.332092+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15467.json 38.0.0