Date: June 2024
Overview
A new high-risk vulnerability, catalogued as CVE-2025-15467, has been identified in OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0. The flaw occurs when parsing CMS AuthEnvelopedData or EnvelopedData messages containing maliciously crafted AEAD cipher parameters. Specifically, attackers can exploit how OpenSSL handles the Initialization Vector (IV) within ASN.1 parameters to trigger a dangerous stack buffer overflow.
This article breaks down the root cause, impact, exploit mechanics, and mitigation paths, using simple language and direct code illustrations. If your application or service processes untrusted CMS or PKCS#7 files—especially using AEAD ciphers like AES-GCM—your system could be at serious risk.
What is the Issue?
When OpenSSL parses a CMS structure of type EnvelopedData or AuthEnvelopedData, and this uses an AEAD cipher (for example, AES-GCM), it unpacks the cipher’s Initialization Vector (IV) from ASN.1-encoded parameters.
Problem Trigger
OpenSSL copies the IV into a fixed-size stack buffer without verifying if the IV’s length actually fits! If the attacker provides an IV longer than expected, they can overwrite adjacent memory on the stack.
This stack buffer overflow occurs before any authentication or cryptographic verification.
- No valid or known encryption key is needed: crafting the ASN.1 structure is enough to crash the server or potentially take control.
A stack buffer overflow is serious because:
- A remote attacker can send malicious CMS files via email (S/MIME), web, or APIs.
- Denial of Service (DoS): application crash.
- Remote Code Execution (RCE): run arbitrary code on the host (depends on protections like stack canaries/ASLR).
Whether RCE is reliably exploitable depends on details of the platform and stack protection, but even with "just" DoS, many public-facing services like mail servers, document signers, and web APIs are affected.
You are affected if you:
- Use OpenSSL 3.x (versions 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, or 3.6).
- Parse untrusted CMS or PKCS#7 content, especially with AEAD ciphers like AES-GCM or ChaCha20-Poly1305.
- Implement S/MIME, secure email, or similar file parsing services.
You are not affected if you:
- Use only OpenSSL 1.1.1 or 1.0.2.
- Do not accept/process untrusted CMS or PKCS#7 data.
Technical Exploit Details
The vulnerability arises in code handling ASN.1 parameter parsing for AEAD algorithms.
Suppose you create a CMS EnvelopedData object with a maliciously long IV. OpenSSL code might do the following unsafe copy (illustration):
```c
#include <string.h>

/* Illustration of the unsafe pattern. asn1_iv and ivlen stand for the pointer
 * and length recovered from the parsed ASN.1 parameters; ivlen is ATTACKER CONTROLLED. */
void copy_iv_unsafe(const unsigned char *asn1_iv, int ivlen)
{
    unsigned char iv[12]; /* intended for e.g. AES-GCM standard IVs (12 bytes) */
    /* The dangerous copy: no bounds check! */
    memcpy(iv, asn1_iv, ivlen);
    /* If ivlen > 12, this corrupts the stack. */
    (void)iv;
}
```
What an attacker does:
They craft a CMS or PKCS#7 structure (e.g., S/MIME email) using an abnormally large IV (say, 64 bytes instead of 12), encoded in the ASN.1 parameters. When OpenSSL parses this, it blindly copies into the small stack buffer, spilling over and corrupting stack memory.
Proof-of-Concept ASN.1 Construction
Attackers can use popular tools (like asn1crypto or pyOpenSSL) to hand-craft such malicious files.
Example ASN.1 structure:

```asn1
AlgorithmIdentifier ::= SEQUENCE {
    algorithm  OBJECT IDENTIFIER,
    parameters []
}
parameters: OCTET STRING (oversized IV payload)
```

A malicious IV parameter, in hex:

```
30 xx 06 xx 04 40 <64 bytes of garbage>
```
Crucially: Because the bug happens before cryptographic checks, the server may crash or run attacker code without authenticating the data.
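As an added example (not OpenSSL's code), here is the same IV-extraction step written the way a hardened parser should handle it: the OCTET STRING length taken from the ASN.1 parameters is checked against the destination buffer before any copy, so the "04 40 <64 bytes>" parameter above is rejected while a normal 12-byte AES-GCM IV is accepted. The function names and the constructed sample inputs are assumptions of this example, not taken from the page or the library.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>
/* Added example, not OpenSSL code: the IV-copy step from the illustration above,
 * rewritten with the bounds check it lacks. Function names are hypothetical. */
#define GCM_IV_LEN 12  /* standard AES-GCM nonce size, the page's 12-byte buffer */

/* Minimal DER OCTET STRING reader (tag 0x04, short-form length only).
 * Returns 0 and sets *val/*vallen, or -1 on malformed input. */
int parse_octet_string(const unsigned char *der, size_t len,
                       const unsigned char **val, size_t *vallen)
{
    if (len < 2 || der[0] != 0x04 || (der[1] & 0x80)) /* tag + one length byte */
        return -1;
    *vallen = der[1];
    if (*vallen > len - 2)            /* length field claims more than was supplied */
        return -1;
    *val = der + 2;
    return 0;
}

/* Hardened counterpart of `memcpy(iv, asn1_iv, ivlen)`: the length comes from
 * attacker-controlled ASN.1, so it is checked against ivcap BEFORE copying. */
int extract_iv_checked(const unsigned char *param, size_t paramlen,
                       unsigned char *iv, size_t ivcap, size_t *ivlen)
{
    const unsigned char *val;
    size_t vallen;
    if (parse_octet_string(param, paramlen, &val, &vallen) != 0)
        return -1;
    if (vallen == 0 || vallen > ivcap) /* the missing check: oversized IV is refused */
        return -1;
    memcpy(iv, val, vallen);           /* cannot overrun the destination now */
    *ivlen = vallen;
    return 0;
}
/* Constructed inputs: a well-formed 12-byte IV parameter, and the page's
 * "04 40 <64 bytes>" oversized one (payload left as zero filler). */
const unsigned char good_param[] = { 0x04, 0x0c, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
const unsigned char bad_param[2 + 64] = { 0x04, 0x40 };
unsigned char iv_buf[GCM_IV_LEN];
size_t iv_len;
int main(void)
{
    int ok  = extract_iv_checked(good_param, sizeof good_param, iv_buf, sizeof iv_buf, &iv_len);
    int bad = extract_iv_checked(bad_param, sizeof bad_param, iv_buf, sizeof iv_buf, &iv_len);
    printf("12-byte IV: %s\n", ok == 0 ? "accepted" : "rejected");   /* accepted */
    printf("64-byte IV: %s\n", bad == 0 ? "accepted" : "rejected");  /* rejected */
    return 0;
}
```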
Check your application stack:
- Are CMS or PKCS#7/S/MIME features in use?
- Do you process files/emails from untrusted users?
Upgrade OpenSSL:
Upgrade immediately to the patched versions (expected 3.7 or above), or apply your distribution’s security patches as released.
Apply Workarounds:
- Filter or block untrusted CMS/PKCS#7 files.
- Disable S/MIME/CMS features if not in active use.
Monitor for Exploitation Attempts:
Watch for crashes from malformed emails or files, especially on systems employing S/MIME or document signatures.
Vulnerability Management:
Update and patch all servers and workstations that use OpenSSL 3.x and handle file/content parsing.
Conclusion
CVE-2025-15467 is one of the most severe OpenSSL parsing bugs in recent years, reminiscent of the old "Heartbleed" flaw, but targeting new cryptographic edge cases. Anyone processing untrusted CMS/PKCS#7 content with OpenSSL 3.x is at immediate risk of denial-of-service or possibly remote code execution.
If you use OpenSSL 3 in any public-facing or file/mail processing service, you should patch as soon as possible.
Stay safe. Security is everyone’s job!
Timeline
Published on: 01/27/2026 16:01:19 UTC
Last modified on: 03/19/2026 19:16:19 UTC