CVE-2025-15468 – A NULL pointer dereference vulnerability in Ope... (How to Fix)

Q: What is the severity of CVE-2025-15468?

CVE-2025-15468 has a CVSS score of 5.9 (MEDIUM). A NULL pointer dereference vulnerability in OpenSSL's SSL_CIPHER_find() function when used with QUIC protocol allows denial of service attacks. Applications using OpenSSL 3.2+ with QUIC support that call this function from client_hello_cb are affected. The vulnerability causes abnormal process termination when receiving unknown cipher suites from peers.

📋 TL;DR

A NULL pointer dereference vulnerability in OpenSSL's SSL_CIPHER_find() function when used with QUIC protocol allows denial of service attacks. Applications using OpenSSL 3.2+ with QUIC support that call this function from client_hello_cb are affected. The vulnerability causes abnormal process termination when receiving unknown cipher suites from peers.

💻 Affected Systems

Products:

OpenSSL

Versions: 3.2, 3.3, 3.4, 3.5, 3.6

Operating Systems: All operating systems using affected OpenSSL versions

Default Config Vulnerable: ✅ No

Notes: Only affects applications using QUIC protocol and calling SSL_CIPHER_find() from client_hello_cb. FIPS modules are not affected. OpenSSL 3.0, 1.1.1, and 1.0.2 are not vulnerable.

📦 What is this software?

Openssl by Openssl

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

Learn more about Openssl →

Openssl by Openssl

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

Learn more about Openssl →

Openssl by Openssl

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

Learn more about Openssl →

Openssl by Openssl

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

Learn more about Openssl →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service causing application crashes and service unavailability

🟠

Likely Case

Intermittent service disruptions when malicious clients send malformed cipher suites

🟢

If Mitigated

No impact if applications don't use QUIC or don't call SSL_CIPHER_find() from client_hello_cb

🌐 Internet-Facing: MEDIUM - Exploitable by external attackers but requires specific application configuration

🏢 Internal Only: LOW - Requires internal attackers with network access and specific application knowledge

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malformed cipher suites to applications with specific QUIC configurations. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in latest releases of affected versions

Vendor Advisory: https://openssl-library.org/news/secadv/20260127.txt

Restart Required: Yes

Instructions:

1. Update OpenSSL to latest patched version for your release (3.6, 3.5, 3.4, or 3.3). 2. Recompile applications against updated OpenSSL. 3. Restart affected services.

🔧 Temporary Workarounds

Disable QUIC protocol

all

If QUIC is not required, disable it in application configuration

Configure application to use TLS instead of QUIC

Avoid SSL_CIPHER_find() in client_hello_cb

all

Modify application code to not call SSL_CIPHER_find() from client_hello_cb callback

Review and modify application source code

🧯 If You Can't Patch

Implement network filtering to block malformed QUIC packets
Deploy application-level monitoring and automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check OpenSSL version with 'openssl version' and verify if application uses QUIC and calls SSL_CIPHER_find() from client_hello_cb

Check Version:

openssl version

Verify Fix Applied:

Verify OpenSSL version is updated and test application with malformed cipher suites to ensure no crashes

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation faults
Abnormal termination of QUIC-enabled services
Error logs mentioning NULL pointer dereference

Network Indicators:

Unusual QUIC handshake patterns
Malformed cipher suite IDs in network traffic

SIEM Query:

process:terminated AND (error:segmentation_fault OR error:null_pointer) AND protocol:quic

📊 Metadata

CVE ID: CVE-2025-15468

CVSS v3 Score: 5.9 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.05% exploit probability (14.6th percentile)

Published: January 27, 2026

Last Updated: February 2, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15468, you might also want to check these: