Vulnerability details: VCID-fwwa-41df-zqfk
Vulnerability ID VCID-fwwa-41df-zqfk
Aliases CVE-2025-9230
Summary openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 5.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9230.json
epss 0.00034 https://api.first.org/data/v1/epss?cve=CVE-2025-9230
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
ssvc Track https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
cvssv3.1 7.5 https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
ssvc Track https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
cvssv3.1 7.5 https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
ssvc Track https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
cvssv3.1 7.5 https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
ssvc Track https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
cvssv3.1 7.5 https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
ssvc Track https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
cvssv3.1 7.5 https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
ssvc Track https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
cvssv3.1 7.5 https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
ssvc Track https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
cvssv3.1 7.5 https://openssl-library.org/news/secadv/20250930.txt
ssvc Track https://openssl-library.org/news/secadv/20250930.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9230.json
https://api.first.org/data/v1/epss?cve=CVE-2025-9230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20250930.txt https://openssl-library.org/news/secadv/20250930.txt
2396054 https://bugzilla.redhat.com/show_bug.cgi?id=2396054
5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
9e91358f365dee6c446dcdcdb01c04d2743fd280 https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
b5282d677551afda7d20e9c00e09561b547b2dfd https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
bae259a211ada6315dc50900686daaaaaa55f482 https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
c2b96348bfa662f25f4fabf81958ae822063dae3 https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
RHSA-2025:21174 https://access.redhat.com/errata/RHSA-2025:21174
RHSA-2025:21248 https://access.redhat.com/errata/RHSA-2025:21248
RHSA-2025:21255 https://access.redhat.com/errata/RHSA-2025:21255
RHSA-2025:21562 https://access.redhat.com/errata/RHSA-2025:21562
RHSA-2025:21994 https://access.redhat.com/errata/RHSA-2025:21994
RHSA-2025:22428 https://access.redhat.com/errata/RHSA-2025:22428
RHSA-2025:22529 https://access.redhat.com/errata/RHSA-2025:22529
RHSA-2025:22548 https://access.redhat.com/errata/RHSA-2025:22548
RHSA-2025:22794 https://access.redhat.com/errata/RHSA-2025:22794
RHSA-2025:22868 https://access.redhat.com/errata/RHSA-2025:22868
RHSA-2025:23078 https://access.redhat.com/errata/RHSA-2025:23078
RHSA-2025:23079 https://access.redhat.com/errata/RHSA-2025:23079
RHSA-2025:23080 https://access.redhat.com/errata/RHSA-2025:23080
RHSA-2025:23202 https://access.redhat.com/errata/RHSA-2025:23202
RHSA-2025:23204 https://access.redhat.com/errata/RHSA-2025:23204
RHSA-2025:23205 https://access.redhat.com/errata/RHSA-2025:23205
RHSA-2025:23209 https://access.redhat.com/errata/RHSA-2025:23209
RHSA-2025:23449 https://access.redhat.com/errata/RHSA-2025:23449
RHSA-2026:0332 https://access.redhat.com/errata/RHSA-2026:0332
RHSA-2026:0337 https://access.redhat.com/errata/RHSA-2026:0337
RHSA-2026:0420 https://access.redhat.com/errata/RHSA-2026:0420
RHSA-2026:0602 https://access.redhat.com/errata/RHSA-2026:0602
RHSA-2026:0674 https://access.redhat.com/errata/RHSA-2026:0674
RHSA-2026:0702 https://access.redhat.com/errata/RHSA-2026:0702
RHSA-2026:0714 https://access.redhat.com/errata/RHSA-2026:0714
RHSA-2026:0794 https://access.redhat.com/errata/RHSA-2026:0794
RHSA-2026:0887 https://access.redhat.com/errata/RHSA-2026:0887
RHSA-2026:1349 https://access.redhat.com/errata/RHSA-2026:1349
RHSA-2026:1475 https://access.redhat.com/errata/RHSA-2026:1475
RHSA-2026:1652 https://access.redhat.com/errata/RHSA-2026:1652
RHSA-2026:1720 https://access.redhat.com/errata/RHSA-2026:1720
RHSA-2026:2771 https://access.redhat.com/errata/RHSA-2026:2771
RHSA-2026:2776 https://access.redhat.com/errata/RHSA-2026:2776
RHSA-2026:2974 https://access.redhat.com/errata/RHSA-2026:2974
RHSA-2026:2994 https://access.redhat.com/errata/RHSA-2026:2994
RHSA-2026:2995 https://access.redhat.com/errata/RHSA-2026:2995
RHSA-2026:3164 https://access.redhat.com/errata/RHSA-2026:3164
RHSA-2026:3415 https://access.redhat.com/errata/RHSA-2026:3415
RHSA-2026:3461 https://access.redhat.com/errata/RHSA-2026:3461
RHSA-2026:3462 https://access.redhat.com/errata/RHSA-2026:3462
RHSA-2026:3861 https://access.redhat.com/errata/RHSA-2026:3861
USN-7786-1 https://usn.ubuntu.com/7786-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9230.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://openssl-library.org/news/secadv/20250930.txt
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T19:30:08Z/ Found at https://openssl-library.org/news/secadv/20250930.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.10091
EPSS Score 0.00034
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:36:21.962058+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9230.json 38.0.0