Skip to main content
Skip table of contents

ISN 2025-43: OpenSSL Vulnerability

First published 13 October 2025

CVSS:3.1: 7.5 (High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A security vulnerability has been found in OpenSSL, a cryptography library and toolkit used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

It has been discovered that decrypting Cryptographic Message Syntax (CMS) messages encrypted using password-based encryption can trigger an out-of-bounds read and write (CVE-2025-9230, high). This may crash the application using the OpenSSL library or even enable the execution of arbitrary code.

Update Instructions

  • OS 12: Update to the IGEL OS base system app in version 12.7.4 or newer when available from the IGEL App Portal.

  • OS 11: Update to IGEL OS version 11.11.100 when available.

References

OpenSSL Security Advisory [30th September 2025]: https://openssl-library.org/news/secadv/20250930.txt

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close