The OpenSSL Project has released several new versions of its open-source SSL/TLS toolkit to apply patches for three security vulnerabilities.
The newly released versions of the OpenSSL Library are 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm, and 1.1.1zd. Most of these releases fix all three flaws, which are tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232.
Two of these vulnerabilities are rated as 'moderate severity'.
- CVE-2025-9231 is one of the moderate flaws and could potentially let an attacker recover a private key. Since OpenSSL secures communication for many applications and services, obtaining a private key could enable an attacker to decrypt traffic or perform a man-in-the-middle (MitM) attack. However, OpenSSL developers noted that this specific issue only impacts the SM2 algorithm implementation on 64-bit ARM platforms. They explained the flaw is not relevant in most TLS contexts but was given a moderate rating because a custom provider could theoretically be used to recover the private key via remote timing measurements.
- CVE-2025-9230 is the second moderate-severity flaw. It is an out-of-bounds read/write issue that could be exploited for arbitrary code execution or denial-of-service (DoS) attacks. Despite the severe consequences of a successful exploit, the OpenSSL Project's security advisory states that the probability of an attacker exploiting it is low.
The third vulnerability is rated as 'low severity' and can be exploited to cause a crash, leading to a DoS condition.
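To check a host against the fixed releases listed above, the following added example (not code from the article or the OpenSSL Project) classifies `openssl version` output by release branch. The function names, status strings and sample lines are constructed for illustration.

```python
import re

# Patched releases named in the article, keyed by release branch.
# 3.x branches are "major.minor"; 1.x branches are "major.minor.patch" plus letters.
PATCHED = {
    "3.5": "3.5.4", "3.4": "3.4.3", "3.3": "3.3.5", "3.2": "3.2.6",
    "3.0": "3.0.18", "1.1.1": "1.1.1zd", "1.0.2": "1.0.2zm",
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def sort_key(text):
    """Extract the first OpenSSL-style version in text as a comparable tuple."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups()[:3])
    letters = m.group(4)
    # 1.x letter releases run a..z, then za..zz, so length sorts before value.
    return (major, minor, patch, len(letters), letters)


def branch_of(key):
    """Return the PATCHED lookup key for a parsed version tuple."""
    major, minor, patch = key[:3]
    return f"{major}.{minor}" if major >= 3 else f"{major}.{minor}.{patch}"


def check(version_output):
    """Classify `openssl version` output against the article's fixed releases."""
    key = sort_key(version_output)
    fixed = PATCHED.get(branch_of(key))
    if fixed is None:
        return "no-listed-fix"  # branch not among the releases the article names
    return "patched" if key >= sort_key(fixed) else "outdated"


if __name__ == "__main__":
    # Constructed sample lines in the format `openssl version` prints.
    samples = [
        "OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)",
        "OpenSSL 3.5.4",
        "OpenSSL 1.1.1w  11 Sep 2023",
        "OpenSSL 3.1.4 24 Oct 2023",
    ]
    for line in samples:
        print(f"{check(line):14} {line}")
```

Distribution packages often backport fixes without changing the upstream version string, so an "outdated" result on a vendor build should be confirmed against the vendor's own advisory.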
OpenSSL Security History
The security of OpenSSL has significantly improved since the discovery of the notorious Heartbleed vulnerability. Although a few flaws still make headlines, the number and severity of vulnerabilities found in OpenSSL have been low in recent years. Only three other issues have been resolved so far in 2025, and only one of those had a 'high severity' rating. That high-severity issue, discovered by Apple researchers, could allow MitM attacks.