CVE Catalog

CVE-2025-3416

LowCVSS 3.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

36th percentile — higher than 36% of all known CVEs

Summary

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Risk Assessment

An attacker could exploit this vulnerability to cause unpredictable behavior in OpenSSL, potentially leading to data integrity compromise or denial of service.

Recommendation

Update OpenSSL to the patched version as recommended by the vendor immediately.

Original NVD description (English source)

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS