Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j51b-cm37-6fdj
Vulnerability ID VCID-j51b-cm37-6fdj
Aliases CVE-2025-11187
Summary openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file
Status Published
Exploitability 0.5
Weighted Severity 5.5
Risk 2.8
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-233 Improper Handling of Parameters
CWE-476 NULL Pointer Dereference
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11187.json
epss 6e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 6e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2025-11187
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.1 https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
ssvc Track* https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
cvssv3.1 6.1 https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
ssvc Track* https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
cvssv3.1 6.1 https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
ssvc Track* https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
cvssv3.1 6.1 https://openssl-library.org/news/secadv/20260127.txt
ssvc Track* https://openssl-library.org/news/secadv/20260127.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11187.json
https://api.first.org/data/v1/epss?cve=CVE-2025-11187
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20260127.txt https://openssl-library.org/news/secadv/20260127.txt
205e3a55e16e4bd08c12fdbd3416ab829c0f6206 https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
2430375 https://bugzilla.redhat.com/show_bug.cgi?id=2430375
8caf359d6e46fb413e8f5f0df765d2e8a51df4e8 https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
e1079bc17ed93ff16f6b86f33a2fe3336e78817e https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
RHSA-2026:1472 https://access.redhat.com/errata/RHSA-2026:1472
RHSA-2026:1473 https://access.redhat.com/errata/RHSA-2026:1473
RHSA-2026:1496 https://access.redhat.com/errata/RHSA-2026:1496
RHSA-2026:1736 https://access.redhat.com/errata/RHSA-2026:1736
RHSA-2026:2485 https://access.redhat.com/errata/RHSA-2026:2485
RHSA-2026:2563 https://access.redhat.com/errata/RHSA-2026:2563
RHSA-2026:3228 https://access.redhat.com/errata/RHSA-2026:3228
RHSA-2026:4943 https://access.redhat.com/errata/RHSA-2026:4943
RHSA-2026:7261 https://access.redhat.com/errata/RHSA-2026:7261
USN-7980-1 https://usn.ubuntu.com/7980-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11187.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/ Found at https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/ Found at https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/ Found at https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H Found at https://openssl-library.org/news/secadv/20260127.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-20T03:55:43Z/ Found at https://openssl-library.org/news/secadv/20260127.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.00354
EPSS Score 6e-05
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:32:16.921909+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11187.json 38.0.0