Search for vulnerabilities
Vulnerability details: VCID-hxyg-8211-puc7
Vulnerability ID VCID-hxyg-8211-puc7
Aliases CVE-2025-32990
Summary A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Status Published
Exploitability 0.5
Weighted Severity 7.4
Risk 3.7
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-122 Heap-based Buffer Overflow
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32990.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2025-32990
ssvc Track https://access.redhat.com/security/cve/CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2025-32990
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2359620
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2359620
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.2 https://nvd.nist.gov/vuln/detail/CVE-2025-32990
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32990.json
https://api.first.org/data/v1/epss?cve=CVE-2025-32990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32990
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-32990 https://access.redhat.com/security/cve/CVE-2025-32990
CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990
show_bug.cgi?id=2359620 https://bugzilla.redhat.com/show_bug.cgi?id=2359620
USN-7635-1 https://usn.ubuntu.com/7635-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32990.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2025-32990
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:06:53Z/ Found at https://access.redhat.com/security/cve/CVE-2025-32990
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2359620
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-10T14:06:53Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2359620
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-32990
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18567
EPSS Score 0.00059
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:55:32.674403+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7635-1/ 37.0.0