Home / mailingsPDF  

FreeBSD Security Advisory FreeBSD-SA-25:08.openssl

Posted on 30 September 2025
FreeBSD security notificat

=============================================================================FreeBSD-SA-25:08.openssl Security Advisory
The FreeBSD Project

Topic: Multiple vulnerabilities in OpenSSL

Category: contrib
Module: openssl
Announced: 2025-09-30
Credits: Stanislav Fort (Aisle Research)
Affects: All supported versions of FreeBSD.
Corrected: 2025-09-30 15:26:14 UTC (stable/15, 15.0-ALPHA4)
2025-09-30 15:28:38 UTC (stable/14, 14.3-STABLE)
2025-09-30 15:37:16 UTC (releng/14.3, 14.3-RELEASE-p4)
2025-09-30 15:37:25 UTC (releng/14.2, 14.2-RELEASE-p7)
2025-09-30 15:30:02 UTC (stable/13, 13.5-STABLE)
2025-09-30 15:37:35 UTC (releng/13.5, 13.5-RELEASE-p5)
CVE Name: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.

II. Problem Description

* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x

An application trying to decrypt cryptographic message syntax (CMS) messages
encrypted using password based encryption can trigger an out-of-bounds read
and write.

* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only

A timing side-channel which could potentially allow remote recovery of the
private key exists in the SM2 algorithm implementation on 64-bit ARM
platforms.

* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only

An application using the OpenSSL HTTP client API functions may trigger an
out-of-bounds read if the "no_proxy" environment variable is set and the host
portion of the authority component of the HTTP URL is an IPv6 address.

III. Impact

* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x

The out-of-bounds read may trigger a crash which leads to denial of service
for an application. The out-of-bounds write can cause a memory corruption
which can have various consequences including a denial of service or
execution of attacker-supplied code.

Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that an attacker would be able to
perform it is low. Password based (PWRI) encryption support in CMS
messages is very rarely used.

* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only

A timing side-channel in SM2 signature computations on 64 bit ARM platforms
could allow recovering the private key by an attacker.

OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts. However, it is possible to
add support for such certificates via a custom provider.

* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only

An out-of-bounds read can trigger a crash which leads to denial of service
for an application.

The OpenSSL HTTP client API functions can be used directly by applications
but they are also used by the OCSP client functions and CMP (Certificate
Management Protocol) client implementation in OpenSSL. However the URLs used
by these implementations are unlikely to be controlled by an attacker.

In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be
passed from an application to the OpenSSL function and the user has to have
a "no_proxy" environment variable set.

IV. Workaround

No workaround is available. Several of the issues have mitigating factors.
Please see the Impact section for more details.

V. Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 15.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch.asc
# gpg --verify openssl-15.patch.asc

[FreeBSD 14.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch.asc
# gpg --verify openssl-14.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch.asc
# gpg --verify openssl-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI. Correction details

This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:

Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/15/ 4d6fd774b5b3 stable/15-n280387
stable/14/ 270158508d7c stable/14-n272541
releng/14.3/ 75d258af9fe9 releng/14.3-n271446
releng/14.2/ 6a0d914d9c3e releng/14.2-n269537
stable/13/ c0dbaf2b5dbd stable/13-n259448
releng/13.5/ ae7c74cfa531 releng/13.5-n259178
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://openssl-library.org/news/secadv/20250930.txt>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9231>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:08.openssl.asc>

 

TOP

Mailings :

Exploits :