CVE-2025-69418 Unauthenticated/unencrypted trailing bytes with low-level OCB function calls

🗓️ 27 Jan 2026 16:01:23Reported by opensslType

Low severity: direct OCB calls with non-block lengths leave trailing bytes unencrypted and unauthenticated.

Reporter	Title	Published	Views	Family All 222
IBM Security Bulletins	Security Bulletin: IBM i is affected by multiple vulnerabilities in OpenSSL	17 Mar 202621:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in openssl affects IBM Netezza Appliance	12 May 202606:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ is affected by multiple CVEs (CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796)	2 Mar 202611:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to OpenSSL	9 Mar 202621:03	–	ibm
FreeBSD	OpenSSL -- Multiple vulnerabilities	27 Jan 202600:00	–	freebsd
ATTACKERKB	CVE-2025-69418	27 Jan 202616:01	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1434)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : edk2, --advisory ALAS2-2026-3150 (ALAS-2026-3150)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3169 (ALAS-2026-3169)	19 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : openssl (ALSA-2026:1472)	28 Jan 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "3.6.1",
        "status": "affected",
        "version": "3.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.5.5",
        "status": "affected",
        "version": "3.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.4.4",
        "status": "affected",
        "version": "3.4.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.3.6",
        "status": "affected",
        "version": "3.3.0",
        "versionType": "semver"
      },
      {
        "lessThan": "3.0.19",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "1.1.1ze",
        "status": "affected",
        "version": "1.1.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae
github	www.github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977
github	www.github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc
github	www.github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347
openssl-library	www.openssl-library.org/news/secadv/20260127.txt
github	www.github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8

27 Jan 2026 16:01Current

EPSS0.00009

CWE-325