Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-69418

Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware-accelerated code paths, inputs whose length is not a multiple<br>of 16 bytes can leave the final partial block unencrypted and unauthenticated.<br><br>Impact summary: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection.<br><br>The low-level OCB encrypt and decrypt routines in the hardware-accelerated<br>stream path process full 16-byte blocks but do not advance the input/output<br>pointers. The subsequent tail-handling code then operates on the original<br>base pointers, effectively reprocessing the beginning of the buffer while<br>leaving the actual trailing bytes unprocessed. The authentication checksum<br>also excludes the true tail bytes.<br><br>However, typical OpenSSL consumers using EVP are not affected because the<br>higher-level EVP and provider OCB implementations split inputs so that full<br>blocks and trailing partial blocks are processed in separate calls, avoiding<br>the problematic code path. Additionally, TLS does not use OCB ciphersuites.<br>The vulnerability only affects applications that call the low-level<br>CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with<br>non-block-aligned lengths in a single call on hardware-accelerated builds.<br>For these reasons the issue was assessed as Low severity.<br><br>The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected<br>by this issue, as OCB mode is not a FIPS-approved algorithm.<br><br>OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.<br><br>OpenSSL 1.0.2 is not affected by this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.2%
CVSS Severity
CVSS v3 Score 4.0
Products affected by CVE-2025-69418
  • Openssl » Openssl » Version: Any
    cpe:2.3:a:openssl:openssl:*
  • Openssl » Openssl » Version: 1.1.1
    cpe:2.3:a:openssl:openssl:1.1.1
  • Openssl » Openssl » Version: 1.1.1a
    cpe:2.3:a:openssl:openssl:1.1.1a
  • Openssl » Openssl » Version: 1.1.1b
    cpe:2.3:a:openssl:openssl:1.1.1b
  • Openssl » Openssl » Version: 1.1.1c
    cpe:2.3:a:openssl:openssl:1.1.1c
  • Openssl » Openssl » Version: 1.1.1d
    cpe:2.3:a:openssl:openssl:1.1.1d
  • Openssl » Openssl » Version: 1.1.1e
    cpe:2.3:a:openssl:openssl:1.1.1e
  • Openssl » Openssl » Version: 1.1.1f
    cpe:2.3:a:openssl:openssl:1.1.1f
  • Openssl » Openssl » Version: 1.1.1g
    cpe:2.3:a:openssl:openssl:1.1.1g
  • Openssl » Openssl » Version: 1.1.1h
    cpe:2.3:a:openssl:openssl:1.1.1h
  • Openssl » Openssl » Version: 1.1.1i
    cpe:2.3:a:openssl:openssl:1.1.1i
  • Openssl » Openssl » Version: 1.1.1j
    cpe:2.3:a:openssl:openssl:1.1.1j
  • Openssl » Openssl » Version: 1.1.1k
    cpe:2.3:a:openssl:openssl:1.1.1k
  • Openssl » Openssl » Version: 1.1.1l
    cpe:2.3:a:openssl:openssl:1.1.1l
  • Openssl » Openssl » Version: 1.1.1m
    cpe:2.3:a:openssl:openssl:1.1.1m
  • Openssl » Openssl » Version: 1.1.1n
    cpe:2.3:a:openssl:openssl:1.1.1n
  • Openssl » Openssl » Version: 1.1.1o
    cpe:2.3:a:openssl:openssl:1.1.1o
  • Openssl » Openssl » Version: 1.1.1p
    cpe:2.3:a:openssl:openssl:1.1.1p
  • Openssl » Openssl » Version: 1.1.1q
    cpe:2.3:a:openssl:openssl:1.1.1q
  • Openssl » Openssl » Version: 1.1.1r
    cpe:2.3:a:openssl:openssl:1.1.1r
  • Openssl » Openssl » Version: 1.1.1s
    cpe:2.3:a:openssl:openssl:1.1.1s
  • Openssl » Openssl » Version: 1.1.1t
    cpe:2.3:a:openssl:openssl:1.1.1t
  • Openssl » Openssl » Version: 1.1.1u
    cpe:2.3:a:openssl:openssl:1.1.1u
  • Openssl » Openssl » Version: 1.1.1v
    cpe:2.3:a:openssl:openssl:1.1.1v
  • Openssl » Openssl » Version: 1.1.1w
    cpe:2.3:a:openssl:openssl:1.1.1w
  • Openssl » Openssl » Version: 1.1.1x
    cpe:2.3:a:openssl:openssl:1.1.1x
  • Openssl » Openssl » Version: 3.0.0
    cpe:2.3:a:openssl:openssl:3.0.0
  • Openssl » Openssl » Version: 3.0.1
    cpe:2.3:a:openssl:openssl:3.0.1
  • Openssl » Openssl » Version: 3.0.10
    cpe:2.3:a:openssl:openssl:3.0.10
  • Openssl » Openssl » Version: 3.0.11
    cpe:2.3:a:openssl:openssl:3.0.11
  • Openssl » Openssl » Version: 3.0.12
    cpe:2.3:a:openssl:openssl:3.0.12
  • Openssl » Openssl » Version: 3.0.13
    cpe:2.3:a:openssl:openssl:3.0.13
  • Openssl » Openssl » Version: 3.0.14
    cpe:2.3:a:openssl:openssl:3.0.14
  • Openssl » Openssl » Version: 3.0.15
    cpe:2.3:a:openssl:openssl:3.0.15
  • Openssl » Openssl » Version: 3.0.2
    cpe:2.3:a:openssl:openssl:3.0.2
  • Openssl » Openssl » Version: 3.0.3
    cpe:2.3:a:openssl:openssl:3.0.3
  • Openssl » Openssl » Version: 3.0.4
    cpe:2.3:a:openssl:openssl:3.0.4
  • Openssl » Openssl » Version: 3.0.5
    cpe:2.3:a:openssl:openssl:3.0.5
  • Openssl » Openssl » Version: 3.0.6
    cpe:2.3:a:openssl:openssl:3.0.6
  • Openssl » Openssl » Version: 3.0.7
    cpe:2.3:a:openssl:openssl:3.0.7
  • Openssl » Openssl » Version: 3.0.8
    cpe:2.3:a:openssl:openssl:3.0.8
  • Openssl » Openssl » Version: 3.0.9
    cpe:2.3:a:openssl:openssl:3.0.9
  • Openssl » Openssl » Version: 3.3.0
    cpe:2.3:a:openssl:openssl:3.3.0
  • Openssl » Openssl » Version: 3.3.1
    cpe:2.3:a:openssl:openssl:3.3.1
  • Openssl » Openssl » Version: 3.3.2
    cpe:2.3:a:openssl:openssl:3.3.2


Products
Pricing
Contact Us

Shodan ® - All rights reserved