Main Vulnerability Database Vulnerabilities #VU109657

#VU109657 Expected behavior violation in OpenSSL - CVE-2025-4575

Published: May 22, 2025

Vulnerability identifier: #VU109657

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-4575

CWE-ID: CWE-440

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OpenSSL

Software vendor:
OpenSSL Software Foundation

Description

The vulnerability may allow an attacker to gain unauthorized access to the application.

The vulnerability exists due to an error in code related to usage of the "-addreject" option to reject certain x509 certificates. If the option is used, the certificated will be added as trusted instead of rejecting it.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://openssl-library.org/news/secadv/20250522.txt

#VU109657 Expected behavior violation in OpenSSL - CVE-2025-4575

Description

Remediation

External links

Please verify you're human