Search for vulnerabilities
Vulnerability details: VCID-wgxb-syjn-cqdh
Vulnerability ID VCID-wgxb-syjn-cqdh
Aliases CVE-2025-32989
Summary A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-295 Improper Certificate Validation
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32989.json
cvssv3.1 5.3 https://access.redhat.com/security/cve/CVE-2025-32989
ssvc Track https://access.redhat.com/security/cve/CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00023 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-32989
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=2359621
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2359621
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32989.json
https://api.first.org/data/v1/epss?cve=CVE-2025-32989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32989
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
CVE-2025-32989 https://access.redhat.com/security/cve/CVE-2025-32989
CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989
show_bug.cgi?id=2359621 https://bugzilla.redhat.com/show_bug.cgi?id=2359621
USN-7635-1 https://usn.ubuntu.com/7635-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32989.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2025-32989
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:04:51Z/ Found at https://access.redhat.com/security/cve/CVE-2025-32989
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2359621
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:04:51Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2359621
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03965
EPSS Score 0.00021
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:55:32.708300+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7635-1/ 37.0.0