VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-p7ca-uc7n-mfc4

Essentials
Severities (21)
References (20)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-p7ca-uc7n-mfc4
Aliases	CVE-2025-69418
Summary	openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls
Status	Published
Exploitability	0.5
Weighted Severity	3.6
Risk	1.8
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-325

Missing Cryptographic Step

System	Score	Found at
cvssv3	4.0	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69418.json
epss	7e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
epss	7e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
epss	8e-05	https://api.first.org/data/v1/epss?cve=CVE-2025-69418
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4	https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
ssvc	Track	https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
cvssv3.1	4	https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
ssvc	Track	https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
cvssv3.1	4	https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
ssvc	Track	https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
cvssv3.1	4	https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
ssvc	Track	https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
cvssv3.1	4	https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
ssvc	Track	https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
cvssv3.1	4	https://openssl-library.org/news/secadv/20260127.txt
ssvc	Track	https://openssl-library.org/news/secadv/20260127.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69418.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-69418
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
20260127.txt		https://openssl-library.org/news/secadv/20260127.txt
2430381		https://bugzilla.redhat.com/show_bug.cgi?id=2430381
372fc5c77529695b05b4f5b5187691a57ef5dffc		https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
4016975d4469cd6b94927c607f7c511385f928d8		https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
52d23c86a54adab5ee9f80e48b242b52c4cc2347		https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
a7589230356d908c0eca4b969ec4f62106f4f5ae		https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
ed40856d7d4ba6cb42779b6770666a65f19cb977		https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
RHSA-2026:1472		https://access.redhat.com/errata/RHSA-2026:1472
RHSA-2026:1473		https://access.redhat.com/errata/RHSA-2026:1473
RHSA-2026:1736		https://access.redhat.com/errata/RHSA-2026:1736
RHSA-2026:2485		https://access.redhat.com/errata/RHSA-2026:2485
RHSA-2026:2563		https://access.redhat.com/errata/RHSA-2026:2563
RHSA-2026:3228		https://access.redhat.com/errata/RHSA-2026:3228
RHSA-2026:4943		https://access.redhat.com/errata/RHSA-2026:4943
USN-7980-1		https://usn.ubuntu.com/7980-1/
USN-7980-2		https://usn.ubuntu.com/7980-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69418.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:06:43Z/ Found at https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:06:43Z/ Found at https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:06:43Z/ Found at https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:06:43Z/ Found at https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:06:43Z/ Found at https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://openssl-library.org/news/secadv/20260127.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T15:06:43Z/ Found at https://openssl-library.org/news/secadv/20260127.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.00638
EPSS Score	7e-05
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:32:17.263924+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69418.json	38.0.0