CVE-2025-15469
📋 TL;DR
The OpenSSL 'dgst' command-line tool silently truncates files larger than 16MB when using one-shot signing algorithms (Ed25519, Ed448, ML-DSA variants), creating an integrity gap where trailing data remains unauthenticated. This affects users who both sign and verify files larger than 16MB using the affected command-line tool with these specific algorithms.
💻 Affected Systems
- OpenSSL
📦 What is this software?
Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
Learn more about Openssl →Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
Learn more about Openssl →⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify trailing bytes in signed files larger than 16MB without detection, potentially altering critical data or injecting malicious content while the signature appears valid.
Likely Case
Users signing and verifying large files (e.g., software packages, backups, logs) with affected algorithms may have undetected data integrity issues in portions beyond 16MB.
If Mitigated
If using streaming algorithms, library APIs, or files under 16MB, no impact occurs. Verifiers using library APIs will reject truncated signatures.
🎯 Exploit Status
Exploitation requires both signing and verification to use the vulnerable command-line tool. Library-based verification would detect the issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available via OpenSSL commits 310f305eb92ea8040d6b3cb75a5feeba8e6acf2f and a7936fa4bd23c906e1955a16a0a0ab39a4953a61
Vendor Advisory: https://openssl-library.org/news/secadv/20260127.txt
Restart Required: No
Instructions:
1. Update OpenSSL to version 3.5 or 3.6 with the patches applied. 2. Recompile if using custom builds. 3. No service restart needed as this is a command-line tool issue.
🔧 Temporary Workarounds
Use streaming algorithms
allUse algorithms that support streaming (like SHA256 with RSA) instead of one-shot algorithms for files larger than 16MB.
openssl dgst -sha256 -sign private.key -out signature.bin file.txt
Split large files
linuxSplit files into chunks smaller than 16MB before signing with affected algorithms.
split -b 15M largefile.txt chunk_
for f in chunk_*; do openssl dgst -ed25519 -sign key.pem -out $f.sig $f; done
🧯 If You Can't Patch
- Avoid using 'openssl dgst' with Ed25519, Ed448, or ML-DSA algorithms for files larger than 16MB.
- Use library APIs or alternative tools for signing/verification of large files.
🔍 How to Verify
Check if Vulnerable:
Check OpenSSL version and test with a file >16MB: 'openssl version' and create test with 'openssl dgst -ed25519 -sign key.pem -out sig.bin largefile.txt'Check Version:
openssl versionVerify Fix Applied:
After patching, the command should error on files >16MB instead of silently truncating.📡 Detection & Monitoring
Log Indicators:
- Command logs showing 'openssl dgst' with Ed25519/Ed448/ML-DSA on files >16MB
Network Indicators:
- None - this is a local command-line issue
SIEM Query:
Process execution where command contains 'openssl dgst' AND (command contains 'ed25519' OR 'ed448' OR 'ml-dsa') AND file_size > 16777216