CVE-2025-69418
📋 TL;DR
This vulnerability in OpenSSL's low-level OCB API leaves the final partial block of a message (the last 1-15 bytes of any input whose length is not a multiple of 16) in cleartext and unauthenticated when a hardware-accelerated code path handles a non-block-aligned length. It only affects applications that call CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() directly with such inputs; users of the higher-level EVP cipher API (EVP_aes_*_ocb) and TLS are not affected.
💻 Affected Systems
- OpenSSL
📦 What is this software?
Openssl by Openssl
OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.
⚠️ Risk & Real-World Impact
Worst Case
An attacker who can observe or modify ciphertext could read the trailing 1-15 bytes of a message in cleartext and alter them without the OCB authentication tag detecting the change, exposing sensitive data in the tail of a message or breaking its integrity in affected applications.
Likely Case
Limited exposure: the low-level OCB API is rarely called directly, and most real-world applications use the EVP interface or TLS, which take a different code path and remain unaffected, so the overall impact is minimal.
If Mitigated
If applications avoid direct low-level OCB calls with non-block-aligned lengths or use unaffected configurations, the risk is negligible with no practical exploitation.
🎯 Exploit Status
Exploitation requires knowledge of application internals using vulnerable API calls; no public exploits are known, and the niche nature reduces weaponization likelihood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply the OpenSSL fix commits (e.g., 372fc5c77529695b05b4f5b5187691a57ef5dffc) or upgrade to the fixed release for your branch as listed in the OpenSSL security advisory.
Vendor Advisory: https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
Restart Required: Yes
Instructions:
1. Check the OpenSSL version with 'openssl version'.
2. If vulnerable, apply the fix commits from the referenced GitHub links or upgrade to the fixed OpenSSL release.
3. Recompile and reinstall OpenSSL (or the statically linked application).
4. Restart affected applications or services so they load the patched library.
🔧 Temporary Workarounds
Avoid low-level OCB API usage
Modify applications to use the higher-level EVP APIs for OCB encryption/decryption, which are not affected.
Review and refactor code to replace CRYPTO_ocb128_encrypt/decrypt calls with EVP interfaces.
Ensure block-aligned inputs
If the low-level OCB API must be used, ensure input lengths are multiples of 16 bytes so the vulnerable partial-block path is never reached.
Validate lengths in application code (reject any call where len % 16 != 0) or pad messages to a 16-byte boundary before the call; any padding scheme must be unambiguous so the receiver can strip it, and the padded length must be what is authenticated.
🧯 If You Can't Patch
- Audit applications for direct use of CRYPTO_ocb128_encrypt/decrypt (search source trees and the dynamic symbol tables of linked binaries for the CRYPTO_ocb128_ prefix) and disable or modify those call sites if possible.
- Implement network segmentation and access controls to limit exposure of affected systems to untrusted networks.
🔍 How to Verify
Check if Vulnerable:
Check whether OpenSSL is a release from one of the affected branches (3.6, 3.5, 3.4, 3.3, 3.0, or 1.1.1) without the fix, and review application code for direct calls to CRYPTO_ocb128_encrypt/decrypt with non-block-aligned lengths. Note that the exposure depends on the hardware-accelerated code path being selected at runtime, so the same binary may behave differently on different CPUs.
Check Version:
openssl version
Verify Fix Applied:
After patching, confirm the reported OpenSSL version is the fixed one, then exercise OCB with a non-block-aligned input (e.g. 17 bytes): the trailing bytes of the ciphertext must differ from the plaintext, decryption with the correct tag must succeed, and flipping a bit in those trailing bytes must cause tag verification to fail.
📡 Detection & Monitoring
Log Indicators:
- None specific. The flaw is silent: the library raises no error when it leaves the trailing bytes in cleartext, so OCB-related error messages in application logs do not indicate exploitation and their absence does not indicate safety.
Network Indicators:
- No specific network indicators, as the weakness is in the application's own encryption output rather than in a network protocol.
SIEM Query:
Query software inventory or SBOM data for hosts running OpenSSL from an affected branch without the fix, and correlate with an internal inventory of applications known to link the CRYPTO_ocb128_ symbols.
🔗 References
- https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
- https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8
- https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
- https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
- https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
- https://openssl-library.org/news/secadv/20260127.txt