Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed incleartext on encryption and are not covered by the authentication tag,allowing an attacker to read or tamper with those bytes without detection.The low-level OCB encrypt and decrypt routines in the hardware-acceleratedstream path process full 16-byte blocks but do not advance the input/outputpointers. The subsequent tail-handling code then operates on the originalbase pointers, effectively reprocessing the beginning of the buffer whileleaving the actual trailing bytes unprocessed. The authentication checksumalso excludes the true tail bytes.However, typical OpenSSL consumers using EVP are not affected because thehigher-level EVP and provider OCB implementations split inputs so that fullblocks and trailing partial blocks are processed in separate calls, avoidingthe problematic code path. Additionally, TLS does not use OCB ciphersuites.The vulnerability only affects applications that call the low-levelCRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly withnon-block-aligned lengths in a single call on hardware-accelerated builds.For these reasons the issue was assessed as Low severity.The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affectedby this issue, as OCB mode is not a FIPS-approved algorithm.OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.OpenSSL 1.0.2 is not affected by this issue.
CVE-2025-69418
Score 4.0 from GitHub Security Advisory published 2026-01-27. NVD baseline CVSS 4.0; sources differ by 0.0.
- Lower severity and no public exploit yet
A fix is available — apply it.
- CVSS v3
- 4.0
- EG Score
- 4.0(medium)
- EPSS
- 1.8%
- KEV
- Not listed
Published
January 27, 2026
Last Modified
May 12, 2026
References (7)
- openssl-security@opensslhttps://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
- openssl-security@opensslhttps://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
- openssl-security@opensslhttps://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
- openssl-security@opensslhttps://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
- openssl-security@opensslhttps://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
- openssl-security@opensslhttps://openssl-library.org/news/secadv/20260127.txt
- 0b142b55-0307-4c5a-b3c9-f314f3fb7c5ehttps://cert-portal.siemens.com/productcert/html/ssa-265688.html
Vendor Advisories for CVE-2025-69418(6)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:7261Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- RHSA-2026:4943Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat Update Infrastructure 5.1 security update
- RHSA-2026:3228Red Hat Product SecurityHigh
Red Hat Security Advisory: Cost Management Metrics Operator Update
- RHSA-2026:2563Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat Update Infrastructure 5 security update
- RHSA-2026:2485Red Hat Product SecurityHigh
Red Hat Security Advisory: Insights proxy Container Image
- RHSA-2026:1736Red Hat Product SecurityHigh
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Patch Availability(10)
| Vendor / Ecosystem | Fixed in / Patch | Released | Source |
|---|---|---|---|
| ubuntu | openssl1.0 (1.0.2n-1ubuntu5.13+esm3) @ bionic | 2026-06-08 | ubuntu |
| ubuntu | openssl (3.0.2-0ubuntu1.21) @ jammy | 2026-06-08 | ubuntu |
| redhat | openssl-main-3.5.6-0.1.hum1 | 2026-04-09 | redhat |
| redhat | rhui5/rhua-rhel9:1773670137 | 2026-03-18 | redhat |
| redhat | costmanagement/costmanagement-metrics-rhel9-operator:1770836349 | 2026-02-24 | redhat |
| redhat | rhui5/installer-rhel9:1770646925 | 2026-02-11 | redhat |
| redhat | insights-proxy/insights-proxy-container-rhel9:1770740405 | 2026-02-10 | redhat |
| redhat | discovery/discovery-ui-rhel9:1769111774 | 2026-02-02 | redhat |
| redhat | openssl-1:3.5.1-7.el9_7 | 2026-01-28 | redhat |
| redhat | openssl-1:3.5.1-7.el10_1 | 2026-01-28 | redhat |
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Additional Vendor Advisories
(4)
Vendors that published advisories for this CVE beyond the curated set above. Broader coverage but minimal per-row detail — click through for the original advisory.
Data Freshness Timeline
(refreshed 9× in last 7d / 44× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 103 total refreshes for this CVE.
- 2026-07-15 16:57 UTCEPSS rescore
- 2026-07-15 16:57 UTCEPSS rescore
- 2026-07-15 02:00 UTCEPSS rescore
- 2026-07-15 01:59 UTCEPSS rescore
- 2026-07-13 14:08 UTCOSV refresh
- 2026-07-13 06:12 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-09 19:10 UTCEPSS rescore
- 2026-07-08 15:15 UTCEPSS rescore
- 2026-07-07 13:46 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-01 15:06 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 04:56 UTCEPSS rescore
Show 75 moreShow fewer
- 2026-06-28 04:56 UTCEPSS rescore
- 2026-06-27 03:08 UTCEPSS rescore
- 2026-06-25 13:49 UTCEPSS rescore
- 2026-06-25 13:49 UTCEPSS rescore
- 2026-06-25 11:01 UTCOSV refresh
- 2026-06-24 14:05 UTCEPSS rescore
- 2026-06-24 14:04 UTCEPSS rescore
- 2026-06-23 21:32 UTCEPSS rescore
- 2026-06-22 14:25 UTCEPSS rescore
- 2026-06-22 14:25 UTCEPSS rescore
- 2026-06-21 14:56 UTCEPSS rescore
- 2026-06-21 14:56 UTCEPSS rescore
- 2026-06-21 01:59 UTCEPSS rescore
- 2026-06-21 01:59 UTCEPSS rescore
- 2026-06-19 19:25 UTCEPSS rescore
- 2026-06-19 19:25 UTCEPSS rescore
- 2026-06-18 17:52 UTCEPSS rescore
- 2026-06-18 17:52 UTCEPSS rescore
- 2026-06-17 17:53 UTCEPSS rescore
- 2026-06-15 17:48 UTCEPSS rescore
- 2026-06-14 23:18 UTCEPSS rescore
- 2026-06-13 23:00 UTCEPSS rescore
- 2026-06-13 23:00 UTCEPSS rescore
- 2026-06-12 23:12 UTCEPSS rescore
- 2026-06-12 23:12 UTCEPSS rescore
- 2026-06-11 14:00 UTCEPSS rescore
- 2026-06-10 22:18 UTCEPSS rescore
- 2026-06-10 13:22 UTCEPSS rescore
- 2026-06-08 14:17 UTCEPSS rescore
- 2026-06-08 14:17 UTCEPSS rescore
- 2026-06-08 02:31 UTCEG score recompute
- 2026-06-08 02:31 UTCVendor advisory
- 2026-06-08 02:31 UTCGHSA enrichment
- 2026-06-07 15:24 UTCEPSS rescore
- 2026-06-07 15:24 UTCEPSS rescore
- 2026-06-05 22:47 UTCEPSS rescore
- 2026-06-05 22:46 UTCEPSS rescore
- 2026-06-05 06:10 UTCEPSS rescore
- 2026-06-05 06:10 UTCEPSS rescore
- 2026-06-04 13:12 UTCEPSS rescore
- 2026-06-04 13:12 UTCEPSS rescore
- 2026-06-02 20:13 UTCEPSS rescore
- 2026-06-01 16:27 UTCOSV refresh
- 2026-06-01 13:51 UTCEPSS rescore
- 2026-06-01 13:51 UTCEPSS rescore
- 2026-05-31 22:30 UTCEPSS rescore
- 2026-05-31 22:30 UTCEPSS rescore
- 2026-05-31 00:16 UTCEPSS rescore
- 2026-05-31 00:16 UTCEPSS rescore
- 2026-05-29 13:44 UTCEPSS rescore
- 2026-05-29 13:44 UTCEPSS rescore
- 2026-05-28 13:44 UTCEPSS rescore
- 2026-05-28 13:44 UTCEPSS rescore
- 2026-05-28 13:44 UTCEPSS rescore
- 2026-05-27 13:40 UTCEPSS rescore
- 2026-05-27 13:40 UTCEPSS rescore
- 2026-05-27 13:40 UTCEPSS rescore
- 2026-05-27 13:40 UTCEPSS rescore
- 2026-05-26 13:44 UTCEPSS rescore
- 2026-05-26 13:44 UTCEPSS rescore
- 2026-05-26 13:44 UTCEPSS rescore
- 2026-05-26 07:18 UTCEPSS rescore
- 2026-05-26 07:18 UTCEPSS rescore
- 2026-05-26 07:18 UTCEPSS rescore
- 2026-05-24 16:58 UTCEPSS rescore
- 2026-05-22 21:16 UTCEPSS rescore
- 2026-05-22 21:16 UTCEPSS rescore
- 2026-05-21 22:43 UTCEPSS rescore
- 2026-05-20 23:58 UTCEG score recompute
- 2026-05-20 23:58 UTCVendor advisory
- 2026-05-20 23:58 UTCGHSA enrichment
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 22:37 UTCEPSS rescore
- 2026-05-20 11:21 UTCEPSS rescore
Frequently asked(5)
What is CVE-2025-69418?
When was CVE-2025-69418 disclosed?
Is CVE-2025-69418 actively exploited?
What is the CVSS score of CVE-2025-69418?
How do I remediate CVE-2025-69418?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2025-69418
Is Your Infrastructure Affected by CVE-2025-69418?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.