CVE-2025-66199

5.9 MEDIUM

📋 TL;DR

A TLS 1.3 vulnerability in OpenSSL allows attackers to force large memory allocations (up to 22 MiB per connection) via certificate compression, potentially causing denial of service through resource exhaustion. This affects OpenSSL 3.3-3.6 builds with TLS 1.3 certificate compression enabled and compression algorithms available. Only systems using TLS 1.3 with certificate compression negotiation are vulnerable.

💻 Affected Systems

Products:
  • OpenSSL
Versions: 3.3, 3.4, 3.5, 3.6
Operating Systems: All operating systems using affected OpenSSL versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when TLS 1.3 certificate compression is compiled in (not OPENSSL_NO_COMP_ALG), at least one compression algorithm (brotli, zlib, or zstd) is available, and compression extension is negotiated. FIPS modules are not affected.

📦 What is this software?

OpenSSL by OpenSSL

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Resource exhaustion leading to complete service degradation or crash of TLS services handling multiple connections

🟠 Likely Case: Service performance degradation under targeted attack, increased memory usage and CPU consumption

🟢 If Mitigated: Minimal impact with proper controls; memory allocations bounded by max_cert_list setting

🌐 Internet-Facing: MEDIUM - Requires specific TLS 1.3 configuration with certificate compression enabled, but could affect public-facing services
🏢 Internal Only: LOW - Internal systems less likely to have certificate compression enabled and less exposed to attack

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires establishing TLS 1.3 connections with certificate compression. No memory corruption or information disclosure occurs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available via OpenSSL security updates; check specific version for your distribution

Vendor Advisory: https://openssl-library.org/news/secadv/20260127.txt

Restart Required: Yes

Instructions:

1. Update OpenSSL to the patched version from your distribution's repositories.
2. Restart all services using OpenSSL.
3. Verify the fix with a version check and testing.

🔧 Temporary Workarounds

Disable certificate compression reception

all

Set SSL_OP_NO_RX_CERTIFICATE_COMPRESSION option to disable receiving compressed certificates

In application code: SSL_CTX_set_options(ctx, SSL_OP_NO_RX_CERTIFICATE_COMPRESSION)

🧯 If You Can't Patch

  • Disable TLS 1.3 certificate compression in build configuration
  • Implement rate limiting on TLS connections to mitigate DoS impact

🔍 How to Verify

Check if Vulnerable:

Check the OpenSSL version and build configuration with openssl version -a | grep 'OpenSSL 3\.[3-6]', then verify whether certificate compression is enabled in that build.

Check Version:

openssl version

Verify Fix Applied:

Verify OpenSSL version is updated and test TLS 1.3 connections with certificate compression

📡 Detection & Monitoring

Log Indicators:

  • Unusually large memory allocations during TLS handshakes
  • Multiple TLS handshake failures with large certificate sizes
  • Increased memory usage in TLS services

Network Indicators:

  • TLS 1.3 connections with certificate compression extension
  • Abnormally large CompressedCertificate messages
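Added example (not OpenSSL's code and not taken from the advisory): a receiver-side check that parses the RFC 8879 CompressedCertificate header and rejects a declared uncompressed length above a configured limit before any buffer is sized from it. In TLS 1.3 this message is encrypted, so the check applies at the endpoint or a terminating proxy; cc_check, the sample bytes and the 100 KiB limit are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 8879 CompressedCertificate body:
 *   uint16 algorithm; uint24 uncompressed_length;
 *   opaque compressed_certificate_message<1..2^24-1>; */
enum cc_result { CC_OK = 0, CC_TRUNCATED, CC_BAD_ALGORITHM, CC_BAD_LENGTH, CC_TOO_LARGE };

struct cc_header {
    uint16_t algorithm;        /* 1 = zlib, 2 = brotli, 3 = zstd */
    uint32_t uncompressed_len; /* size the peer asks the receiver to allocate */
    uint32_t compressed_len;   /* payload bytes actually carried */
};

/* Constructed samples (not captured traffic), 4 payload bytes each. */
static const uint8_t sample_ok[]  = {0x00,0x02, 0x00,0x08,0x00, 0x00,0x00,0x04, 0xde,0xad,0xbe,0xef};
static const uint8_t sample_big[] = {0x00,0x02, 0xff,0xff,0xff, 0x00,0x00,0x04, 0xde,0xad,0xbe,0xef};

static uint32_t rd24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Hypothetical helper: validate the peer-controlled fields first.
 * max_cert_list is the receiver's configured certificate size limit in bytes. */
enum cc_result cc_check(const uint8_t *body, size_t len, size_t max_cert_list,
                        struct cc_header *out)
{
    if (len < 8) return CC_TRUNCATED;              /* 2 + 3 + 3 header bytes */
    out->algorithm = (uint16_t)((body[0] << 8) | body[1]);
    out->uncompressed_len = rd24(body + 2);
    out->compressed_len = rd24(body + 5);
    if (out->algorithm < 1 || out->algorithm > 3) return CC_BAD_ALGORITHM;
    if (out->compressed_len == 0 || out->compressed_len != len - 8) return CC_BAD_LENGTH;
    if (out->uncompressed_len == 0) return CC_BAD_LENGTH;
    if (out->uncompressed_len > max_cert_list) return CC_TOO_LARGE; /* no allocation */
    return CC_OK;
}

int main(void)
{
    struct cc_header h;
    size_t limit = 100 * 1024; /* assumed receiver limit for this example */
    printf("ok=%d big=%d\n", cc_check(sample_ok, sizeof sample_ok, limit, &h),
           cc_check(sample_big, sizeof sample_big, limit, &h));
    return 0;
}
```

A CC_TOO_LARGE result is also a useful event to log and count per source address, since a 12-byte message here declares a 16 MiB output.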

SIEM Query:

Search for TLS handshake failures with error codes related to certificate processing or memory allocation errors
