CVE-2025-3416
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Risk Assessment
An attacker could exploit this vulnerability to cause unpredictable behavior in OpenSSL, potentially leading to data integrity compromise or denial of service.
Recommendation
Update OpenSSL to the patched version as recommended by the vendor immediately.
Original NVD description (English source)
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

