CVE-2025-9232

🗓️ 30 Sep 2025 13:17:19Reported by opensslType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 30 Views

Out-of-bounds read in OpenSSL HTTP client no_proxy handling may crash on IPv6 hosts with malicious URL.

Reporter	Title	Published	Views	Family All 140
FreeBSD	OpenSSL -- multiple vulnerabilities	30 Sep 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: AIX/VIOS is vulnerable to an out-of-bounds read (CVE-2025-9230, CVE-2025-9232) due to OpenSSL	14 Jan 202616:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase	19 Nov 202515:06	–	ibm
AlpineLinux	CVE-2025-9232	30 Sep 202513:17	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в openssl	1 Nov 202510:54	–	astralinux
CBLMariner	CVE-2025-9232 affecting package openssl for versions less than 3.3.5-1	21 Oct 202515:08	–	cbl_mariner
Chainguard	CVE-2025-9232 vulnerabilities	6 Oct 202513:25	–	cgr
Circl	CVE-2025-9232	30 Sep 202522:26	–	circl
CNNVD	OpenSSL 安全漏洞	30 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling	30 Sep 202513:17	–	cvelist

Vulners

Node

openssl opensslRange3.5.0–3.5.4

openssl opensslRange3.4.0–3.4.3

openssl opensslRange3.3.3–3.3.5

openssl opensslRange3.2.4–3.2.6

openssl opensslRange3.0.16–3.0.18

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "3.5.4",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.3",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.3.5",
        "status": "affected",
        "version": "3.3.3",
        "versionType": "semver"
      },
      {
        "lessThan": "3.2.6",
        "status": "affected",
        "version": "3.2.4",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.18",
        "status": "affected",
        "version": "3.0.16",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf
openssl-library	www.openssl-library.org/news/secadv/20250930.txt
github	www.github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35
github	www.github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b
github	www.github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0
github	www.github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-253495.html
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-089022.html
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-082556.html
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-032379.html

02 Jun 2026 14:16Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.15.9

EPSS0.00063

SSVC

CWE-125